A General Framework to Understand Vulnerabilities in Information Systems

Xiong ZHANG, Haoran XIE, Hao YANG, Hongkai SHAO, Minghao ZHU*

*Corresponding author for this work

Research output: Journal Publications > Journal Article (refereed) > peer-review

10 Citations (Scopus)


Firms and organizations are increasingly facing security issues related to vulnerabilities in their information systems. Firms, especially small and medium-sized enterprises, usually have very limited security resources and thus have difficulty understanding vulnerabilities and fixing them accordingly. This study aims to build a general framework that can help firms understand the characteristics of vulnerabilities in information systems: for instance, what category a specific vulnerability belongs to, what potential risks it poses, and what the key clues are to addressing it. To this end, we collect data on real vulnerabilities that have emerged in firms’ information systems from a popular vulnerability report platform. Features are extracted at four different levels, namely, the word, phrase, topic, and record levels. The experimental results show that the general framework helps characterize the modes and patterns of various types of vulnerabilities. This study contributes to the security literature by providing a deeper understanding of the characteristics of vulnerabilities and their related suggested solutions. Firms can apply this framework to ensure information security.
Original language: English
Article number: 9130665
Pages (from-to): 121858-121873
Number of pages: 16
Journal: IEEE Access
Early online date: 1 Jul 2020
Publication status: Published - Jul 2020

Bibliographical note

This work was supported in part by grants from the National Natural Science Foundation of China (Grant No. 71801014), the Beijing Social Science Foundation (Grant No. 17GLC069), and the Ministry of Finance of the People's Republic of China (Grant CJ [2018] No. 281).


  • Classification
  • information security
  • risk-level prediction
  • topic analysis
  • vulnerability

