Guardado en:
Detalles Bibliográficos
Autores principales: Wang, Lingxiao, Dang, Wenjing, Zhang, Mengyao, Wang, Yue, Wu, Xianzong, Chen, Sen
Formato: Preprint
Publicado: 2025
Materias:
Acceso en línea:https://arxiv.org/abs/2508.18109
Etiquetas: Agregar Etiqueta
Sin Etiquetas, Sea el primero en etiquetar este registro!
_version_ 1866918130234687488
author Wang, Lingxiao
Dang, Wenjing
Zhang, Mengyao
Wang, Yue
Wu, Xianzong
Chen, Sen
author_facet Wang, Lingxiao
Dang, Wenjing
Zhang, Mengyao
Wang, Yue
Wu, Xianzong
Chen, Sen
contents For vulnerabilities, Proof-of-Concept (PoC) plays an irreplaceable role in demonstrating the exploitability. PoC reports may include critical information such as specific usage, test platforms, and more, providing essential insights for researchers. However, in reality, due to various PoC templates across PoC platforms, PoC reports extensively suffer from information deficiency, leading the suboptimal quality and limited usefulness. Fortunately, we found that information deficiency of PoC reports could be mitigated by the completion from multiple sources given the same referred vulnerability. In this paper, we conduct the first study on the deficiency of information in PoC reports across public platforms. We began by collecting 173,170 PoC reports from 4 different platforms and defined 8 key aspects that PoCs should contain. By integrating rule-based matching and a fine-tuned BERT-NER model for extraction of key aspects, we discovered that all PoC reports available on public platforms have at least one missing key aspect. Subsequently, we developed a multi-source information fusion method to complete the missing aspect information in PoC reports by leveraging CVE entries and related PoC reports from different sources. Finally, we successfully completed 69,583 PoC reports (40.18% of all reports).
format Preprint
id arxiv_https___arxiv_org_abs_2508_18109
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle Aligning Core Aspects: Improving Vulnerability Proof-of-Concepts via Cross-Source Insights
Wang, Lingxiao
Dang, Wenjing
Zhang, Mengyao
Wang, Yue
Wu, Xianzong
Chen, Sen
Cryptography and Security
For vulnerabilities, Proof-of-Concept (PoC) plays an irreplaceable role in demonstrating the exploitability. PoC reports may include critical information such as specific usage, test platforms, and more, providing essential insights for researchers. However, in reality, due to various PoC templates across PoC platforms, PoC reports extensively suffer from information deficiency, leading the suboptimal quality and limited usefulness. Fortunately, we found that information deficiency of PoC reports could be mitigated by the completion from multiple sources given the same referred vulnerability. In this paper, we conduct the first study on the deficiency of information in PoC reports across public platforms. We began by collecting 173,170 PoC reports from 4 different platforms and defined 8 key aspects that PoCs should contain. By integrating rule-based matching and a fine-tuned BERT-NER model for extraction of key aspects, we discovered that all PoC reports available on public platforms have at least one missing key aspect. Subsequently, we developed a multi-source information fusion method to complete the missing aspect information in PoC reports by leveraging CVE entries and related PoC reports from different sources. Finally, we successfully completed 69,583 PoC reports (40.18% of all reports).
title Aligning Core Aspects: Improving Vulnerability Proof-of-Concepts via Cross-Source Insights
topic Cryptography and Security
url https://arxiv.org/abs/2508.18109