Catch Me If You Can Dataset

Dataset Supporting the CPSIOT 2020 Workshop Paper "Catch Me If You Can: An In-Depth Study of CVE Discovery Time and Inconsistencies for Managing Risk in Critical Infrastructures" by Richard J. Thomas, Joe Gardiner, Tom Chothia, Awais Rashid, Manolis Samanis and Joshua Perrett, a joint collaboration between the University of Birmingham and University of Bristol.

Read the Paper » Referencing the Dataset » Dataset Information and Release »

Referencing this Dataset

We encourage the use of our Dataset by the research community. If you do use it, we ask that you cite the Dataset and credit the University of Birmingham and the Bristol Cyber Security Group.

This Dataset is licensed under the Creative Commons Attribution 4.0 International license.

The Citation and BibTeX can be exported using the buttons below.

R.J. Thomas, J. Gardiner, T. Chothia, A. Rashid, M. Samanis and J. Perrett. (2020) "Catch Me If You Can: An In-Depth Study of CVE Discovery Time and Inconsistencies for Managing Risks in Critical Infrastructure" in: Proceedings of the ACM Workshop on Cyber-Physical Systems Security & IOT Security and Privacy.

@InProceedings{cpsiotsec2020,
            author="Thomas, Richard J. and Gardiner, Joe and Chothia, Tom and Rashid, Awais and Samanis, Manolis and Perrett, Joshua",
            title="Catch Me If You Can: An In-Depth Study of CVE Discovery Time and Inconsistencies for Managing Risks in Critical Infrastructure",
            booktitle={Proceedings of the ACM Workshop on Cyber-Physical Systems Security \& IOT Security and Privacy},
            year="2020"
            }

The Dataset

Everything you need to know about this Dataset.

Dataset Information:

The 'Catch Me If You Can' Dataset was curated by scraping CISA ICS-CERT Advisories, the NIST NVD CVE feeds, MITRE CVE exports and the MITRE CWE list. The workflow that imports the data held in these sources to form our Dataset is given in our paper.

This Dataset contains all ICS advisories between 2011 and March 2020. Some key statistics are given below:

1,143 CISA ICS Advisories (1,089 ICS-specific, 54 Medical)
2,327 ICS CVEs
14,577 Unique CPEs
44,030 CPE Listings for all CVEs

Data Schema

The Dataset has been broken down for simple referencing and for intuitive use. The schema is given below, with a description of the fields contained in this Dataset. Each schema has a matching SQL and CSV file for download.

cpe_listing
- cve_id - The CVE ID (extracted from ICS Advisory)
- cpe_vector - The CPE vector of the affected device, software or operating system (Extracted from the NVD CVE)
- vendor - The stated vendor (extracted from the 'vendor' part of the CPE)
- cwe_id - The CWE ID (from the ICS Advisory), used during analysis to identify whether certain classes of vulnerability influenced temporal aspects. A separate analysis of ICS vulnerabilities is in the Learning from Vulnerabilities Paper.
- icsa_id - The ICS Advisory ID (from US-CERT)
- start_version - The 'start' version of the vulnerability (from the NVD CVE)
- end_version - The 'end' version of the vulnerability (from the NVD CVE)
- cvss_version - The CVSS Version (2 or 3) (from the NVD CVE)
- cvss_base_score - The CVSS Base Score (from the NVD CVE)
- cvss_exploitability_score - The CVSS Exploitability Score (not in CVSS v2) (from the NVD CVE)
- cvss_impact_score - The CVSS Impact Score (not in CVSS v2) (from the NVD CVE)
- cvss_severity - The CVSS Severity classification (LOW, MEDIUM, HIGH | LOW, MEDIUM, HIGH, CRITICAL) (from the NVD CVE)
- cvss_vector - The CVSS Vector (from the NVD CVE)
- is_vulnerable - Bit flag to determine if the CPE is vulnerable (from NVD CVE)
- u_sfp_cluster - Mapped CWE to SFP cluster ID (from NVD CVE)
- u_sys_created - The Date and Time the CVE was published (from the NVD CVE)
- u_sys_updated - The Date and Time the CVE was last modified (from the NVD CVE)
- cna_assigner - The stated CNA assigner (from the NVD CVE)
- mitre_cna_assigner - The stated CNA assigner (from the MITRE CVE)

Dataset Releases

This Dataset is available as SQL and CSV files for database servers and integration with other data analysis tools and software.

Please note: this Dataset contains only pre-processed data, and not the device sales, release and firmware update data that was used in our paper.

Full Dataset

The full dataset of ICS Advisories, CVE and CPE information and other data through to March 2020.

Full Dataset Files
Schema File	SQL	CSV	JSON
cpsiot2020-cpe_listing	SQL	CSV	JSON

Have Questions?

If you have any questions, please feel free to get in touch with us. Our contact addresses are in the paper.