├── .idea ├── encodings.xml ├── misc.xml ├── modules.xml ├── security_github.iml └── vcs.xml ├── LICENSE ├── README.md ├── dataset ├── dataset_template.json └── tweet_anno_id.tsv ├── dataset_processing.py ├── main.py ├── model ├── evaluation.py └── lr.py ├── prepare_dataset_for_tagging.py ├── sample_input.json ├── train_model_lr.py ├── trained_model ├── existence_lr_model.pkl ├── existence_train_ngram_counter.json ├── existence_train_ngram_dict.json ├── severity_lr_model.pkl ├── severity_train_ngram_counter.json └── severity_train_ngram_dict.json └── utils ├── io.py └── tagging_process.py /.idea/encodings.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | -------------------------------------------------------------------------------- /.idea/misc.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 6 | 7 | 8 | 9 | 10 | -------------------------------------------------------------------------------- /.idea/modules.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | -------------------------------------------------------------------------------- /.idea/security_github.iml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 11 | -------------------------------------------------------------------------------- /.idea/vcs.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | GNU GENERAL PUBLIC LICENSE 2 | Version 3, 29 June 2007 3 | 4 | Copyright (C) 2007 Free Software Foundation, Inc. 5 | Everyone is permitted to copy and distribute verbatim copies 6 | of this license document, but changing it is not allowed. 7 | 8 | Preamble 9 | 10 | The GNU General Public License is a free, copyleft license for 11 | software and other kinds of works. 12 | 13 | The licenses for most software and other practical works are designed 14 | to take away your freedom to share and change the works. By contrast, 15 | the GNU General Public License is intended to guarantee your freedom to 16 | share and change all versions of a program--to make sure it remains free 17 | software for all its users. We, the Free Software Foundation, use the 18 | GNU General Public License for most of our software; it applies also to 19 | any other work released this way by its authors. You can apply it to 20 | your programs, too. 21 | 22 | When we speak of free software, we are referring to freedom, not 23 | price. Our General Public Licenses are designed to make sure that you 24 | have the freedom to distribute copies of free software (and charge for 25 | them if you wish), that you receive source code or can get it if you 26 | want it, that you can change the software or use pieces of it in new 27 | free programs, and that you know you can do these things. 28 | 29 | To protect your rights, we need to prevent others from denying you 30 | these rights or asking you to surrender the rights. Therefore, you have 31 | certain responsibilities if you distribute copies of the software, or if 32 | you modify it: responsibilities to respect the freedom of others. 33 | 34 | For example, if you distribute copies of such a program, whether 35 | gratis or for a fee, you must pass on to the recipients the same 36 | freedoms that you received. You must make sure that they, too, receive 37 | or can get the source code. And you must show them these terms so they 38 | know their rights. 39 | 40 | Developers that use the GNU GPL protect your rights with two steps: 41 | (1) assert copyright on the software, and (2) offer you this License 42 | giving you legal permission to copy, distribute and/or modify it. 43 | 44 | For the developers' and authors' protection, the GPL clearly explains 45 | that there is no warranty for this free software. For both users' and 46 | authors' sake, the GPL requires that modified versions be marked as 47 | changed, so that their problems will not be attributed erroneously to 48 | authors of previous versions. 49 | 50 | Some devices are designed to deny users access to install or run 51 | modified versions of the software inside them, although the manufacturer 52 | can do so. This is fundamentally incompatible with the aim of 53 | protecting users' freedom to change the software. The systematic 54 | pattern of such abuse occurs in the area of products for individuals to 55 | use, which is precisely where it is most unacceptable. Therefore, we 56 | have designed this version of the GPL to prohibit the practice for those 57 | products. If such problems arise substantially in other domains, we 58 | stand ready to extend this provision to those domains in future versions 59 | of the GPL, as needed to protect the freedom of users. 60 | 61 | Finally, every program is threatened constantly by software patents. 62 | States should not allow patents to restrict development and use of 63 | software on general-purpose computers, but in those that do, we wish to 64 | avoid the special danger that patents applied to a free program could 65 | make it effectively proprietary. To prevent this, the GPL assures that 66 | patents cannot be used to render the program non-free. 67 | 68 | The precise terms and conditions for copying, distribution and 69 | modification follow. 70 | 71 | TERMS AND CONDITIONS 72 | 73 | 0. Definitions. 74 | 75 | "This License" refers to version 3 of the GNU General Public License. 76 | 77 | "Copyright" also means copyright-like laws that apply to other kinds of 78 | works, such as semiconductor masks. 79 | 80 | "The Program" refers to any copyrightable work licensed under this 81 | License. Each licensee is addressed as "you". "Licensees" and 82 | "recipients" may be individuals or organizations. 83 | 84 | To "modify" a work means to copy from or adapt all or part of the work 85 | in a fashion requiring copyright permission, other than the making of an 86 | exact copy. The resulting work is called a "modified version" of the 87 | earlier work or a work "based on" the earlier work. 88 | 89 | A "covered work" means either the unmodified Program or a work based 90 | on the Program. 91 | 92 | To "propagate" a work means to do anything with it that, without 93 | permission, would make you directly or secondarily liable for 94 | infringement under applicable copyright law, except executing it on a 95 | computer or modifying a private copy. Propagation includes copying, 96 | distribution (with or without modification), making available to the 97 | public, and in some countries other activities as well. 98 | 99 | To "convey" a work means any kind of propagation that enables other 100 | parties to make or receive copies. Mere interaction with a user through 101 | a computer network, with no transfer of a copy, is not conveying. 102 | 103 | An interactive user interface displays "Appropriate Legal Notices" 104 | to the extent that it includes a convenient and prominently visible 105 | feature that (1) displays an appropriate copyright notice, and (2) 106 | tells the user that there is no warranty for the work (except to the 107 | extent that warranties are provided), that licensees may convey the 108 | work under this License, and how to view a copy of this License. If 109 | the interface presents a list of user commands or options, such as a 110 | menu, a prominent item in the list meets this criterion. 111 | 112 | 1. Source Code. 113 | 114 | The "source code" for a work means the preferred form of the work 115 | for making modifications to it. "Object code" means any non-source 116 | form of a work. 117 | 118 | A "Standard Interface" means an interface that either is an official 119 | standard defined by a recognized standards body, or, in the case of 120 | interfaces specified for a particular programming language, one that 121 | is widely used among developers working in that language. 122 | 123 | The "System Libraries" of an executable work include anything, other 124 | than the work as a whole, that (a) is included in the normal form of 125 | packaging a Major Component, but which is not part of that Major 126 | Component, and (b) serves only to enable use of the work with that 127 | Major Component, or to implement a Standard Interface for which an 128 | implementation is available to the public in source code form. A 129 | "Major Component", in this context, means a major essential component 130 | (kernel, window system, and so on) of the specific operating system 131 | (if any) on which the executable work runs, or a compiler used to 132 | produce the work, or an object code interpreter used to run it. 133 | 134 | The "Corresponding Source" for a work in object code form means all 135 | the source code needed to generate, install, and (for an executable 136 | work) run the object code and to modify the work, including scripts to 137 | control those activities. However, it does not include the work's 138 | System Libraries, or general-purpose tools or generally available free 139 | programs which are used unmodified in performing those activities but 140 | which are not part of the work. For example, Corresponding Source 141 | includes interface definition files associated with source files for 142 | the work, and the source code for shared libraries and dynamically 143 | linked subprograms that the work is specifically designed to require, 144 | such as by intimate data communication or control flow between those 145 | subprograms and other parts of the work. 146 | 147 | The Corresponding Source need not include anything that users 148 | can regenerate automatically from other parts of the Corresponding 149 | Source. 150 | 151 | The Corresponding Source for a work in source code form is that 152 | same work. 153 | 154 | 2. Basic Permissions. 155 | 156 | All rights granted under this License are granted for the term of 157 | copyright on the Program, and are irrevocable provided the stated 158 | conditions are met. This License explicitly affirms your unlimited 159 | permission to run the unmodified Program. The output from running a 160 | covered work is covered by this License only if the output, given its 161 | content, constitutes a covered work. This License acknowledges your 162 | rights of fair use or other equivalent, as provided by copyright law. 163 | 164 | You may make, run and propagate covered works that you do not 165 | convey, without conditions so long as your license otherwise remains 166 | in force. You may convey covered works to others for the sole purpose 167 | of having them make modifications exclusively for you, or provide you 168 | with facilities for running those works, provided that you comply with 169 | the terms of this License in conveying all material for which you do 170 | not control copyright. Those thus making or running the covered works 171 | for you must do so exclusively on your behalf, under your direction 172 | and control, on terms that prohibit them from making any copies of 173 | your copyrighted material outside their relationship with you. 174 | 175 | Conveying under any other circumstances is permitted solely under 176 | the conditions stated below. Sublicensing is not allowed; section 10 177 | makes it unnecessary. 178 | 179 | 3. Protecting Users' Legal Rights From Anti-Circumvention Law. 180 | 181 | No covered work shall be deemed part of an effective technological 182 | measure under any applicable law fulfilling obligations under article 183 | 11 of the WIPO copyright treaty adopted on 20 December 1996, or 184 | similar laws prohibiting or restricting circumvention of such 185 | measures. 186 | 187 | When you convey a covered work, you waive any legal power to forbid 188 | circumvention of technological measures to the extent such circumvention 189 | is effected by exercising rights under this License with respect to 190 | the covered work, and you disclaim any intention to limit operation or 191 | modification of the work as a means of enforcing, against the work's 192 | users, your or third parties' legal rights to forbid circumvention of 193 | technological measures. 194 | 195 | 4. Conveying Verbatim Copies. 196 | 197 | You may convey verbatim copies of the Program's source code as you 198 | receive it, in any medium, provided that you conspicuously and 199 | appropriately publish on each copy an appropriate copyright notice; 200 | keep intact all notices stating that this License and any 201 | non-permissive terms added in accord with section 7 apply to the code; 202 | keep intact all notices of the absence of any warranty; and give all 203 | recipients a copy of this License along with the Program. 204 | 205 | You may charge any price or no price for each copy that you convey, 206 | and you may offer support or warranty protection for a fee. 207 | 208 | 5. Conveying Modified Source Versions. 209 | 210 | You may convey a work based on the Program, or the modifications to 211 | produce it from the Program, in the form of source code under the 212 | terms of section 4, provided that you also meet all of these conditions: 213 | 214 | a) The work must carry prominent notices stating that you modified 215 | it, and giving a relevant date. 216 | 217 | b) The work must carry prominent notices stating that it is 218 | released under this License and any conditions added under section 219 | 7. This requirement modifies the requirement in section 4 to 220 | "keep intact all notices". 221 | 222 | c) You must license the entire work, as a whole, under this 223 | License to anyone who comes into possession of a copy. This 224 | License will therefore apply, along with any applicable section 7 225 | additional terms, to the whole of the work, and all its parts, 226 | regardless of how they are packaged. This License gives no 227 | permission to license the work in any other way, but it does not 228 | invalidate such permission if you have separately received it. 229 | 230 | d) If the work has interactive user interfaces, each must display 231 | Appropriate Legal Notices; however, if the Program has interactive 232 | interfaces that do not display Appropriate Legal Notices, your 233 | work need not make them do so. 234 | 235 | A compilation of a covered work with other separate and independent 236 | works, which are not by their nature extensions of the covered work, 237 | and which are not combined with it such as to form a larger program, 238 | in or on a volume of a storage or distribution medium, is called an 239 | "aggregate" if the compilation and its resulting copyright are not 240 | used to limit the access or legal rights of the compilation's users 241 | beyond what the individual works permit. Inclusion of a covered work 242 | in an aggregate does not cause this License to apply to the other 243 | parts of the aggregate. 244 | 245 | 6. Conveying Non-Source Forms. 246 | 247 | You may convey a covered work in object code form under the terms 248 | of sections 4 and 5, provided that you also convey the 249 | machine-readable Corresponding Source under the terms of this License, 250 | in one of these ways: 251 | 252 | a) Convey the object code in, or embodied in, a physical product 253 | (including a physical distribution medium), accompanied by the 254 | Corresponding Source fixed on a durable physical medium 255 | customarily used for software interchange. 256 | 257 | b) Convey the object code in, or embodied in, a physical product 258 | (including a physical distribution medium), accompanied by a 259 | written offer, valid for at least three years and valid for as 260 | long as you offer spare parts or customer support for that product 261 | model, to give anyone who possesses the object code either (1) a 262 | copy of the Corresponding Source for all the software in the 263 | product that is covered by this License, on a durable physical 264 | medium customarily used for software interchange, for a price no 265 | more than your reasonable cost of physically performing this 266 | conveying of source, or (2) access to copy the 267 | Corresponding Source from a network server at no charge. 268 | 269 | c) Convey individual copies of the object code with a copy of the 270 | written offer to provide the Corresponding Source. This 271 | alternative is allowed only occasionally and noncommercially, and 272 | only if you received the object code with such an offer, in accord 273 | with subsection 6b. 274 | 275 | d) Convey the object code by offering access from a designated 276 | place (gratis or for a charge), and offer equivalent access to the 277 | Corresponding Source in the same way through the same place at no 278 | further charge. You need not require recipients to copy the 279 | Corresponding Source along with the object code. If the place to 280 | copy the object code is a network server, the Corresponding Source 281 | may be on a different server (operated by you or a third party) 282 | that supports equivalent copying facilities, provided you maintain 283 | clear directions next to the object code saying where to find the 284 | Corresponding Source. Regardless of what server hosts the 285 | Corresponding Source, you remain obligated to ensure that it is 286 | available for as long as needed to satisfy these requirements. 287 | 288 | e) Convey the object code using peer-to-peer transmission, provided 289 | you inform other peers where the object code and Corresponding 290 | Source of the work are being offered to the general public at no 291 | charge under subsection 6d. 292 | 293 | A separable portion of the object code, whose source code is excluded 294 | from the Corresponding Source as a System Library, need not be 295 | included in conveying the object code work. 296 | 297 | A "User Product" is either (1) a "consumer product", which means any 298 | tangible personal property which is normally used for personal, family, 299 | or household purposes, or (2) anything designed or sold for incorporation 300 | into a dwelling. In determining whether a product is a consumer product, 301 | doubtful cases shall be resolved in favor of coverage. For a particular 302 | product received by a particular user, "normally used" refers to a 303 | typical or common use of that class of product, regardless of the status 304 | of the particular user or of the way in which the particular user 305 | actually uses, or expects or is expected to use, the product. A product 306 | is a consumer product regardless of whether the product has substantial 307 | commercial, industrial or non-consumer uses, unless such uses represent 308 | the only significant mode of use of the product. 309 | 310 | "Installation Information" for a User Product means any methods, 311 | procedures, authorization keys, or other information required to install 312 | and execute modified versions of a covered work in that User Product from 313 | a modified version of its Corresponding Source. The information must 314 | suffice to ensure that the continued functioning of the modified object 315 | code is in no case prevented or interfered with solely because 316 | modification has been made. 317 | 318 | If you convey an object code work under this section in, or with, or 319 | specifically for use in, a User Product, and the conveying occurs as 320 | part of a transaction in which the right of possession and use of the 321 | User Product is transferred to the recipient in perpetuity or for a 322 | fixed term (regardless of how the transaction is characterized), the 323 | Corresponding Source conveyed under this section must be accompanied 324 | by the Installation Information. But this requirement does not apply 325 | if neither you nor any third party retains the ability to install 326 | modified object code on the User Product (for example, the work has 327 | been installed in ROM). 328 | 329 | The requirement to provide Installation Information does not include a 330 | requirement to continue to provide support service, warranty, or updates 331 | for a work that has been modified or installed by the recipient, or for 332 | the User Product in which it has been modified or installed. Access to a 333 | network may be denied when the modification itself materially and 334 | adversely affects the operation of the network or violates the rules and 335 | protocols for communication across the network. 336 | 337 | Corresponding Source conveyed, and Installation Information provided, 338 | in accord with this section must be in a format that is publicly 339 | documented (and with an implementation available to the public in 340 | source code form), and must require no special password or key for 341 | unpacking, reading or copying. 342 | 343 | 7. Additional Terms. 344 | 345 | "Additional permissions" are terms that supplement the terms of this 346 | License by making exceptions from one or more of its conditions. 347 | Additional permissions that are applicable to the entire Program shall 348 | be treated as though they were included in this License, to the extent 349 | that they are valid under applicable law. If additional permissions 350 | apply only to part of the Program, that part may be used separately 351 | under those permissions, but the entire Program remains governed by 352 | this License without regard to the additional permissions. 353 | 354 | When you convey a copy of a covered work, you may at your option 355 | remove any additional permissions from that copy, or from any part of 356 | it. (Additional permissions may be written to require their own 357 | removal in certain cases when you modify the work.) You may place 358 | additional permissions on material, added by you to a covered work, 359 | for which you have or can give appropriate copyright permission. 360 | 361 | Notwithstanding any other provision of this License, for material you 362 | add to a covered work, you may (if authorized by the copyright holders of 363 | that material) supplement the terms of this License with terms: 364 | 365 | a) Disclaiming warranty or limiting liability differently from the 366 | terms of sections 15 and 16 of this License; or 367 | 368 | b) Requiring preservation of specified reasonable legal notices or 369 | author attributions in that material or in the Appropriate Legal 370 | Notices displayed by works containing it; or 371 | 372 | c) Prohibiting misrepresentation of the origin of that material, or 373 | requiring that modified versions of such material be marked in 374 | reasonable ways as different from the original version; or 375 | 376 | d) Limiting the use for publicity purposes of names of licensors or 377 | authors of the material; or 378 | 379 | e) Declining to grant rights under trademark law for use of some 380 | trade names, trademarks, or service marks; or 381 | 382 | f) Requiring indemnification of licensors and authors of that 383 | material by anyone who conveys the material (or modified versions of 384 | it) with contractual assumptions of liability to the recipient, for 385 | any liability that these contractual assumptions directly impose on 386 | those licensors and authors. 387 | 388 | All other non-permissive additional terms are considered "further 389 | restrictions" within the meaning of section 10. If the Program as you 390 | received it, or any part of it, contains a notice stating that it is 391 | governed by this License along with a term that is a further 392 | restriction, you may remove that term. If a license document contains 393 | a further restriction but permits relicensing or conveying under this 394 | License, you may add to a covered work material governed by the terms 395 | of that license document, provided that the further restriction does 396 | not survive such relicensing or conveying. 397 | 398 | If you add terms to a covered work in accord with this section, you 399 | must place, in the relevant source files, a statement of the 400 | additional terms that apply to those files, or a notice indicating 401 | where to find the applicable terms. 402 | 403 | Additional terms, permissive or non-permissive, may be stated in the 404 | form of a separately written license, or stated as exceptions; 405 | the above requirements apply either way. 406 | 407 | 8. Termination. 408 | 409 | You may not propagate or modify a covered work except as expressly 410 | provided under this License. Any attempt otherwise to propagate or 411 | modify it is void, and will automatically terminate your rights under 412 | this License (including any patent licenses granted under the third 413 | paragraph of section 11). 414 | 415 | However, if you cease all violation of this License, then your 416 | license from a particular copyright holder is reinstated (a) 417 | provisionally, unless and until the copyright holder explicitly and 418 | finally terminates your license, and (b) permanently, if the copyright 419 | holder fails to notify you of the violation by some reasonable means 420 | prior to 60 days after the cessation. 421 | 422 | Moreover, your license from a particular copyright holder is 423 | reinstated permanently if the copyright holder notifies you of the 424 | violation by some reasonable means, this is the first time you have 425 | received notice of violation of this License (for any work) from that 426 | copyright holder, and you cure the violation prior to 30 days after 427 | your receipt of the notice. 428 | 429 | Termination of your rights under this section does not terminate the 430 | licenses of parties who have received copies or rights from you under 431 | this License. If your rights have been terminated and not permanently 432 | reinstated, you do not qualify to receive new licenses for the same 433 | material under section 10. 434 | 435 | 9. Acceptance Not Required for Having Copies. 436 | 437 | You are not required to accept this License in order to receive or 438 | run a copy of the Program. Ancillary propagation of a covered work 439 | occurring solely as a consequence of using peer-to-peer transmission 440 | to receive a copy likewise does not require acceptance. However, 441 | nothing other than this License grants you permission to propagate or 442 | modify any covered work. These actions infringe copyright if you do 443 | not accept this License. Therefore, by modifying or propagating a 444 | covered work, you indicate your acceptance of this License to do so. 445 | 446 | 10. Automatic Licensing of Downstream Recipients. 447 | 448 | Each time you convey a covered work, the recipient automatically 449 | receives a license from the original licensors, to run, modify and 450 | propagate that work, subject to this License. You are not responsible 451 | for enforcing compliance by third parties with this License. 452 | 453 | An "entity transaction" is a transaction transferring control of an 454 | organization, or substantially all assets of one, or subdividing an 455 | organization, or merging organizations. If propagation of a covered 456 | work results from an entity transaction, each party to that 457 | transaction who receives a copy of the work also receives whatever 458 | licenses to the work the party's predecessor in interest had or could 459 | give under the previous paragraph, plus a right to possession of the 460 | Corresponding Source of the work from the predecessor in interest, if 461 | the predecessor has it or can get it with reasonable efforts. 462 | 463 | You may not impose any further restrictions on the exercise of the 464 | rights granted or affirmed under this License. For example, you may 465 | not impose a license fee, royalty, or other charge for exercise of 466 | rights granted under this License, and you may not initiate litigation 467 | (including a cross-claim or counterclaim in a lawsuit) alleging that 468 | any patent claim is infringed by making, using, selling, offering for 469 | sale, or importing the Program or any portion of it. 470 | 471 | 11. Patents. 472 | 473 | A "contributor" is a copyright holder who authorizes use under this 474 | License of the Program or a work on which the Program is based. The 475 | work thus licensed is called the contributor's "contributor version". 476 | 477 | A contributor's "essential patent claims" are all patent claims 478 | owned or controlled by the contributor, whether already acquired or 479 | hereafter acquired, that would be infringed by some manner, permitted 480 | by this License, of making, using, or selling its contributor version, 481 | but do not include claims that would be infringed only as a 482 | consequence of further modification of the contributor version. For 483 | purposes of this definition, "control" includes the right to grant 484 | patent sublicenses in a manner consistent with the requirements of 485 | this License. 486 | 487 | Each contributor grants you a non-exclusive, worldwide, royalty-free 488 | patent license under the contributor's essential patent claims, to 489 | make, use, sell, offer for sale, import and otherwise run, modify and 490 | propagate the contents of its contributor version. 491 | 492 | In the following three paragraphs, a "patent license" is any express 493 | agreement or commitment, however denominated, not to enforce a patent 494 | (such as an express permission to practice a patent or covenant not to 495 | sue for patent infringement). To "grant" such a patent license to a 496 | party means to make such an agreement or commitment not to enforce a 497 | patent against the party. 498 | 499 | If you convey a covered work, knowingly relying on a patent license, 500 | and the Corresponding Source of the work is not available for anyone 501 | to copy, free of charge and under the terms of this License, through a 502 | publicly available network server or other readily accessible means, 503 | then you must either (1) cause the Corresponding Source to be so 504 | available, or (2) arrange to deprive yourself of the benefit of the 505 | patent license for this particular work, or (3) arrange, in a manner 506 | consistent with the requirements of this License, to extend the patent 507 | license to downstream recipients. "Knowingly relying" means you have 508 | actual knowledge that, but for the patent license, your conveying the 509 | covered work in a country, or your recipient's use of the covered work 510 | in a country, would infringe one or more identifiable patents in that 511 | country that you have reason to believe are valid. 512 | 513 | If, pursuant to or in connection with a single transaction or 514 | arrangement, you convey, or propagate by procuring conveyance of, a 515 | covered work, and grant a patent license to some of the parties 516 | receiving the covered work authorizing them to use, propagate, modify 517 | or convey a specific copy of the covered work, then the patent license 518 | you grant is automatically extended to all recipients of the covered 519 | work and works based on it. 520 | 521 | A patent license is "discriminatory" if it does not include within 522 | the scope of its coverage, prohibits the exercise of, or is 523 | conditioned on the non-exercise of one or more of the rights that are 524 | specifically granted under this License. You may not convey a covered 525 | work if you are a party to an arrangement with a third party that is 526 | in the business of distributing software, under which you make payment 527 | to the third party based on the extent of your activity of conveying 528 | the work, and under which the third party grants, to any of the 529 | parties who would receive the covered work from you, a discriminatory 530 | patent license (a) in connection with copies of the covered work 531 | conveyed by you (or copies made from those copies), or (b) primarily 532 | for and in connection with specific products or compilations that 533 | contain the covered work, unless you entered into that arrangement, 534 | or that patent license was granted, prior to 28 March 2007. 535 | 536 | Nothing in this License shall be construed as excluding or limiting 537 | any implied license or other defenses to infringement that may 538 | otherwise be available to you under applicable patent law. 539 | 540 | 12. No Surrender of Others' Freedom. 541 | 542 | If conditions are imposed on you (whether by court order, agreement or 543 | otherwise) that contradict the conditions of this License, they do not 544 | excuse you from the conditions of this License. If you cannot convey a 545 | covered work so as to satisfy simultaneously your obligations under this 546 | License and any other pertinent obligations, then as a consequence you may 547 | not convey it at all. For example, if you agree to terms that obligate you 548 | to collect a royalty for further conveying from those to whom you convey 549 | the Program, the only way you could satisfy both those terms and this 550 | License would be to refrain entirely from conveying the Program. 551 | 552 | 13. Use with the GNU Affero General Public License. 553 | 554 | Notwithstanding any other provision of this License, you have 555 | permission to link or combine any covered work with a work licensed 556 | under version 3 of the GNU Affero General Public License into a single 557 | combined work, and to convey the resulting work. The terms of this 558 | License will continue to apply to the part which is the covered work, 559 | but the special requirements of the GNU Affero General Public License, 560 | section 13, concerning interaction through a network will apply to the 561 | combination as such. 562 | 563 | 14. Revised Versions of this License. 564 | 565 | The Free Software Foundation may publish revised and/or new versions of 566 | the GNU General Public License from time to time. Such new versions will 567 | be similar in spirit to the present version, but may differ in detail to 568 | address new problems or concerns. 569 | 570 | Each version is given a distinguishing version number. If the 571 | Program specifies that a certain numbered version of the GNU General 572 | Public License "or any later version" applies to it, you have the 573 | option of following the terms and conditions either of that numbered 574 | version or of any later version published by the Free Software 575 | Foundation. If the Program does not specify a version number of the 576 | GNU General Public License, you may choose any version ever published 577 | by the Free Software Foundation. 578 | 579 | If the Program specifies that a proxy can decide which future 580 | versions of the GNU General Public License can be used, that proxy's 581 | public statement of acceptance of a version permanently authorizes you 582 | to choose that version for the Program. 583 | 584 | Later license versions may give you additional or different 585 | permissions. However, no additional obligations are imposed on any 586 | author or copyright holder as a result of your choosing to follow a 587 | later version. 588 | 589 | 15. Disclaimer of Warranty. 590 | 591 | THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY 592 | APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT 593 | HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY 594 | OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, 595 | THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 596 | PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM 597 | IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF 598 | ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 599 | 600 | 16. Limitation of Liability. 601 | 602 | IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING 603 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS 604 | THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY 605 | GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE 606 | USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF 607 | DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD 608 | PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), 609 | EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF 610 | SUCH DAMAGES. 611 | 612 | 17. Interpretation of Sections 15 and 16. 613 | 614 | If the disclaimer of warranty and limitation of liability provided 615 | above cannot be given local legal effect according to their terms, 616 | reviewing courts shall apply local law that most closely approximates 617 | an absolute waiver of all civil liability in connection with the 618 | Program, unless a warranty or assumption of liability accompanies a 619 | copy of the Program in return for a fee. 620 | 621 | END OF TERMS AND CONDITIONS 622 | 623 | How to Apply These Terms to Your New Programs 624 | 625 | If you develop a new program, and you want it to be of the greatest 626 | possible use to the public, the best way to achieve this is to make it 627 | free software which everyone can redistribute and change under these terms. 628 | 629 | To do so, attach the following notices to the program. It is safest 630 | to attach them to the start of each source file to most effectively 631 | state the exclusion of warranty; and each file should have at least 632 | the "copyright" line and a pointer to where the full notice is found. 633 | 634 | 635 | Copyright (C) 636 | 637 | This program is free software: you can redistribute it and/or modify 638 | it under the terms of the GNU General Public License as published by 639 | the Free Software Foundation, either version 3 of the License, or 640 | (at your option) any later version. 641 | 642 | This program is distributed in the hope that it will be useful, 643 | but WITHOUT ANY WARRANTY; without even the implied warranty of 644 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 645 | GNU General Public License for more details. 646 | 647 | You should have received a copy of the GNU General Public License 648 | along with this program. If not, see . 649 | 650 | Also add information on how to contact you by electronic and paper mail. 651 | 652 | If the program does terminal interaction, make it output a short 653 | notice like this when it starts in an interactive mode: 654 | 655 | Copyright (C) 656 | This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. 657 | This is free software, and you are welcome to redistribute it 658 | under certain conditions; type `show c' for details. 659 | 660 | The hypothetical commands `show w' and `show c' should show the appropriate 661 | parts of the General Public License. Of course, your program's commands 662 | might be different; for a GUI interface, you would use an "about box". 663 | 664 | You should also get your employer (if you work as a programmer) or school, 665 | if any, to sign a "copyright disclaimer" for the program, if necessary. 666 | For more information on this, and how to apply and follow the GNU GPL, see 667 | . 668 | 669 | The GNU General Public License does not permit incorporating your program 670 | into proprietary programs. If your program is a subroutine library, you 671 | may consider it more useful to permit linking proprietary applications with 672 | the library. If this is what you want to do, use the GNU Lesser General 673 | Public License instead of this License. But first, please read 674 | . -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | 2 | 3 | Analyzing the Perceived Severity of Cybersecurity Threats Reported on Social Media 4 | ==================== 5 | 6 | This repository contains the code and resources from the following paper: 7 | 8 | Analyzing the Perceived Severity of Cybersecurity Threats Reported on Social Media 9 | 10 | Shi Zong, Alan Ritter, Graham Mueller, Evan Wright 11 | 12 | https://www.aclweb.org/anthology/papers/N/N19/N19-1140/ 13 | 14 | ### Demo 15 | 16 | See demo at: 17 | 18 | http://kb1.cse.ohio-state.edu:8123/events/threat 19 | 20 | ### Python version 21 | 22 | python3.6 23 | 24 | ### Dataset preparation 25 | 26 | #### Get tweets 27 | 28 | We provide a file tweet_anno_id.tsv under dataset containing tweets ids we have annotated. This file contains two columns: tweets ids and timestamp. 29 | 30 | Actual tweet contents can be acquired by using Semeval Twitter data download script (https://github.com/aritter/twitter_download). Please follow instructions there to get tweets via Twitter API. 31 | 32 | Once you get all tweets downloaded, put downloaded.tsv under ./dataset folder. Then run prepare_dataset_for_tagging.py to prepare dataset.json file for tagging. 33 | 34 | ``` 35 | python prepare_dataset_for_tagging.py 36 | ``` 37 | 38 | #### Tweets tokenization 39 | 40 | We use Twitter NLP (https://github.com/aritter/twitter_nlp) for tokenization. 41 | 42 | We suggest using tagging tool in following way, which reads in json line format files and directly appends 'tags' field into the original file. Here dataset.json file is the output from prepare_dataset_for_tagging.py. 43 | 44 | ``` 45 | cat ./dataset.json | python python/ner/extractEntities2_json.py > dataset_tagged.json 46 | ``` 47 | 48 | #### Dataset preparation 49 | 50 | There are some final steps to get our annotated dataset. Specifically, we need to replace entities extracted by tagging tool with a special token . 51 | 52 | ``` 53 | python dataset_processing.py PATH_TO_TAGGED_FILE 54 | ``` 55 | 56 | The final dataset file dataset_processed.json should be in ./dataset folder. 57 | 58 | #### Note 59 | 60 | (1) We notice some tweets are marked as "Not Available" when downloading through twitter API. We can not directly release our dataset given Twitter's privacy policy. 61 | 62 | (2) For annotated tweets, we have specified the entity along with location we want to replace. For your own data, you could use getEntitySegClass() and replaceEntityTarget() in utils.tagging_process.py. 63 | 64 | (3) We recommend replacing all digits with 0. 65 | 66 | ### Feed your own data 67 | 68 | #### Train model 69 | 70 | We have provided our pre-trained model under trained_model directory. For threat existence classifier, we use 4,000 annotated tweets. For threat severity classifier, we use 1,200 annotated tweets. 71 | 72 | #### Preprocess your own data 73 | 74 | For a new batch of tweets, here are the pre-processing steps: 75 | 76 | (1) send all tweets for tagging 77 | 78 | Suppose you are using Twitter NLP, run 79 | 80 | ``` 81 | cat YOUR_DATA.json | python python/ner/extractEntities2_json.py > YOUR_DATA_tagged.json 82 | ``` 83 | 84 | should give you something like: 85 | 86 | ``` 87 | zero-day/O adobe/B-ENTITY flash/I-ENTITY player/O vulnerability/O 88 | ``` 89 | 90 | (2) replace extracted entities with TARGET token 91 | 92 | For example, "adobe flash" is marked as an entity and we need to replace it with \. You could either use functions in utils.tagging_process.py, or you could write your own code. The goal is to find a way to convert 93 | 94 | ``` 95 | zero-day/O adobe/B-ENTITY flash/I-ENTITY player/O vulnerability/O 96 | ``` 97 | 98 | to 99 | 100 | ``` 101 | zero-day player vulnerability 102 | ``` 103 | 104 | #### Classifier input data format 105 | Input data should be in .json format. We provide a sample input file sample_input.json for your reference. The classifier looks for 'text_TARGET' field. 106 | 107 | You could use writeJSONFile() in utils.io py for generating files. 108 | 109 | #### Calculate scores 110 | 111 | (1) for threat existence classifier 112 | 113 | ``` 114 | python main.py existence PATH_TO_YOUR_DATA.json 115 | ``` 116 | 117 | (2) for threat severity classifier 118 | 119 | ``` 120 | python main.py severity PATH_TO_YOUR_DATA.json 121 | ``` 122 | 123 | Prediction output file is stored under the same directory of your input data, with file name PATH_TO_YOUR_DATA_with_score.json. Prediction scores are in 'existence_prob' (or 'severity_prob') field. 124 | 125 | ### Train model 126 | 127 | If you want to train your own model, first change save_model to True and then 128 | 129 | (1) for threat existence classifier 130 | 131 | ``` 132 | python train_model_lr.py existence PATH_TO_TRAINING_DATA.json 133 | ``` 134 | 135 | (2) for threat severity classifier 136 | 137 | ``` 138 | python train_model_lr.py severity PATH_TO_TRAINING_DATA.json 139 | ``` 140 | 141 | You could change n-gram window size by using -w flag. Please make sure you are using the same n-gram window size for both training and evaluation. 142 | 143 | ### Reference 144 | 145 | ``` 146 | @inproceedings{zong-etal-2019-analyzing, 147 | title = "Analyzing the Perceived Severity of Cybersecurity Threats Reported on Social Media", 148 | author = "Zong, Shi and 149 | Ritter, Alan and 150 | Mueller, Graham and 151 | Wright, Evan", 152 | booktitle = "Proceedings of the 2019 Conference of the North {A}merican Chapter 153 | of the Association for Computational Linguistics: Human Language Technologies, 154 | Volume 1 (Long and Short Papers)", 155 | month = jun, 156 | year = "2019", 157 | address = "Minneapolis, Minnesota", 158 | publisher = "Association for Computational Linguistics", 159 | url = "https://www.aclweb.org/anthology/N19-1140", 160 | pages = "1380--1390" 161 | } 162 | ``` 163 | -------------------------------------------------------------------------------- /dataset_processing.py: -------------------------------------------------------------------------------- 1 | 2 | import argparse 3 | 4 | from utils.io import * 5 | from utils.tagging_process import * 6 | 7 | if __name__ == "__main__": 8 | 9 | ## parse input 10 | parser = argparse.ArgumentParser() 11 | parser.add_argument('tagged_result') 12 | options = parser.parse_args() 13 | 14 | ## load tagging results 15 | data_tagged = readJSONLine(options.tagged_result) 16 | print('num line', len(data_tagged)) 17 | 18 | ## replace entity with TARGET 19 | data_TARGET = [] 20 | for each_line in data_tagged: 21 | curr_info = each_line 22 | if each_line['text'].strip() != 'Not Available': 23 | curr_tweet, curr_tags = taggingSeperate(each_line['tags'].strip()) 24 | curr_TAR = replaceEntityTarget(each_line['curr_ner'], [i.lower() for i in curr_tweet], curr_tags) 25 | curr_info['text_TARGET'] = ' '.join([i for i in curr_TAR[0]]) 26 | data_TARGET.append(curr_info) 27 | 28 | ## write output file 29 | writeJSONFile(data_TARGET, './dataset/dataset_processed.json', verbose=True) -------------------------------------------------------------------------------- /main.py: -------------------------------------------------------------------------------- 1 | 2 | import argparse 3 | 4 | from sklearn import metrics 5 | 6 | from utils.io import * 7 | 8 | from model.lr import * 9 | from model.evaluation import * 10 | 11 | 12 | if __name__ == "__main__": 13 | 14 | ## parse input 15 | parser = argparse.ArgumentParser() 16 | parser.add_argument('classifier_mode') 17 | parser.add_argument('eval_path') 18 | parser.add_argument('--window_size_list', '-w', nargs='+', type=int, default=[2, 3, 4]) 19 | parser.add_argument('--ngram_extract_mode', '-e', default='all') 20 | options = parser.parse_args() 21 | 22 | ## existence classifier 23 | if options.classifier_mode == 'existence': 24 | 25 | ### load threat existence model 26 | try: 27 | with open('./trained_model/'+options.classifier_mode+'_lr_model.pkl', 'rb') as f: 28 | lr = pickle.load(f) 29 | except FileNotFoundError as err: 30 | print("[ERROR] model file doesn't exist", err) 31 | raise 32 | 33 | try: 34 | with open('./trained_model/'+options.classifier_mode+'_train_ngram_dict.json', 'r') as f: 35 | train_ngram_dict = json.load(f) 36 | except FileNotFoundError as err: 37 | print("[ERROR] train dict file doesn't exist", err) 38 | raise 39 | 40 | print('[I] loading complete.') 41 | 42 | ## read input 43 | exist_label2num = {'have_threat': 1, 'no_threat': 0} 44 | eval_all = readJSONFile(options.eval_path) 45 | 46 | ## evaluate model 47 | eval_prob = evalLRModel(options.window_size_list, eval_all, 48 | train_ngram_dict, options.ngram_extract_mode, lr) 49 | 50 | ## append score 51 | for idx, each_line in enumerate(eval_all): 52 | each_line['existence_prob'] = eval_prob[idx][1] 53 | 54 | # ## evaluation 55 | # eval_label = [exist_label2num[i['existence_anno']] for i in eval_all] 56 | # eval_p, eval_r = calPR(eval_label, [i[1] for i in eval_prob]) 57 | # print('auc', metrics.auc(eval_r, eval_p)) 58 | 59 | ## write output 60 | writeJSONFile(eval_all, options.eval_path.replace('.json', '_with_score.json'), verbose=True) 61 | 62 | ## severity classifier 63 | if options.classifier_mode == 'severity': 64 | 65 | ## load threat existence model 66 | try: 67 | with open('./trained_model/'+options.classifier_mode+'_lr_model.pkl', 'rb') as f: 68 | lr = pickle.load(f) 69 | except FileNotFoundError as err: 70 | print("[ERROR] model file doesn't exist", err) 71 | raise 72 | 73 | try: 74 | with open('./trained_model/'+options.classifier_mode+'_train_ngram_dict.json', 'r') as f: 75 | train_ngram_dict = json.load(f) 76 | except FileNotFoundError as err: 77 | print("[ERROR] train dict file doesn't exist", err) 78 | raise 79 | 80 | print('[I] loading completed.') 81 | 82 | ## read input 83 | severity_label2num = {'severe': 1, 'not_severe': 0} 84 | eval_all = readJSONFile(options.eval_path) 85 | 86 | ## evaluate model 87 | eval_prob = evalLRModel(options.window_size_list, eval_all, train_ngram_dict, 88 | options.ngram_extract_mode, lr) 89 | 90 | ## append score 91 | for idx, each_line in enumerate(eval_all): 92 | each_line['severity_prob'] = eval_prob[idx][1] 93 | 94 | ## evaluation 95 | # eval_label = [severity_label2num[i['severity_anno']] for i in eval_all] 96 | # eval_p, eval_r = calPR(eval_label, [i[1] for i in eval_prob]) 97 | # print('auc', metrics.auc(eval_r, eval_p)) 98 | 99 | ## write output 100 | writeJSONFile(eval_all, options.eval_path.replace('.json', '_with_score.json'), verbose=True) 101 | 102 | # ## print top ranked features 103 | # printTopFeatures(train_ngram_dict, lr) -------------------------------------------------------------------------------- /model/evaluation.py: -------------------------------------------------------------------------------- 1 | 2 | import numpy as np 3 | 4 | 5 | def calPR(true_label, conf_score): 6 | 7 | """ 8 | calculate precision / recall curve 9 | :param true_label: true labels 10 | :param conf_score: predictions scores 11 | :return: precision, recall values 12 | """ 13 | 14 | combine = [] 15 | for i in range(len(true_label)): 16 | combine.append((conf_score[i], true_label[i])) 17 | 18 | updated_prob_sorted = sorted(combine, key=lambda x: x[0], reverse=True) 19 | 20 | TP = 0 21 | FP = 0 22 | 23 | precision = [] 24 | recall = [] 25 | f1 = [] 26 | 27 | if np.sum(true_label) == 0: 28 | print("[WARNING] no true label") 29 | else: 30 | for (prob, label) in updated_prob_sorted: 31 | if label == 1: 32 | TP += 1 33 | else: 34 | FP += 1 35 | 36 | pre_value = float(TP) / (TP + FP) 37 | rec_value = float(TP) / np.sum(true_label) 38 | if pre_value == 0 and rec_value == 0: 39 | f1_value = 0 40 | else: 41 | f1_value = 2 * (pre_value * rec_value) / (pre_value + rec_value) 42 | 43 | precision.append(pre_value) 44 | recall.append(rec_value) 45 | f1.append(f1_value) 46 | 47 | return precision, recall 48 | 49 | 50 | def printTopFeatures(train_ngram_dict, lr): 51 | 52 | """ 53 | evaluate top ranked features for logistic regression 54 | :param train_ngram_dict: trained n-gram dictionary 55 | :param lr: trained lr model 56 | :return: None 57 | """ 58 | 59 | ## sort features by weights 60 | train_ngram_dict_reverse = {} 61 | for i in train_ngram_dict.items(): 62 | train_ngram_dict_reverse[i[1]] = i[0] 63 | 64 | token_ranked_coef = sorted([(train_ngram_dict_reverse[i], lr.coef_[0][i]) \ 65 | for i in range(len(train_ngram_dict))], key=lambda x: x[1], reverse=True) 66 | ## print features 67 | for i in range(50): 68 | print(token_ranked_coef[i][0], "%.2f" % token_ranked_coef[i][1]) 69 | 70 | return None 71 | -------------------------------------------------------------------------------- /model/lr.py: -------------------------------------------------------------------------------- 1 | 2 | """ 3 | train simple LR classifier 4 | """ 5 | 6 | import numpy as np 7 | from collections import Counter 8 | 9 | import pickle 10 | import json 11 | 12 | from sklearn.linear_model import LogisticRegression 13 | from scipy.sparse import * 14 | 15 | 16 | def convertToSparseMatrix(features_idx, features_dict): 17 | 18 | """ 19 | convert feature idx matrix in to sparse matrix 20 | :param features_idx: [list] original feature idx matrix 21 | :param features_dict: [dict] train_ngram_dict (for determine the dimension) 22 | :return: [dict] sparse matrix tuple 23 | """ 24 | 25 | ## generate 1 locations for sparse matrix 26 | location = [] 27 | for idx, line in enumerate(features_idx): 28 | for token in line: 29 | each_location = [] 30 | each_location.append(idx) 31 | each_location.append(token) 32 | location.append(each_location) 33 | 34 | ## row 35 | row = [i[0] for i in location] 36 | col = [i[1] for i in location] 37 | 38 | ## generate 1 s 39 | elements = [int(i) for i in list(np.ones((len(location))))] 40 | 41 | ## dim for original matrix 42 | dim = [len(features_idx), len(features_dict) + 1] 43 | 44 | ## sparse matrix 45 | sparse_matrix = csr_matrix((elements, (row, col)), shape=(len(features_idx), len(features_dict))) 46 | 47 | ## pack results 48 | results = {} 49 | results['idx'] = location 50 | results['sparse_matrix'] = sparse_matrix 51 | results['elements'] = elements 52 | results['dim'] = dim 53 | 54 | return results 55 | 56 | 57 | def tokenExtraction(window_size_list, data, mode): 58 | 59 | """ 60 | given data, extract the corresponing feature 61 | :param window_size_list: [list] define the window size of the n-grams 62 | :param data: [list] input data needs to be in a form of (tweet, tagging, ner) tuple 63 | :param mode: define how to extract features from the tweet 64 | :return: [list] extracted n-gram features 65 | """ 66 | 67 | ngram_all = [] 68 | ##### line here can be (text, tagging, ner) tuple 69 | for line in data: 70 | curr_ngram = [] 71 | ## find the location of the TARGET 72 | ##### replace the data with TARGET 73 | line2 = line.copy() 74 | line = line['text_TARGET'].split(" ") 75 | try: 76 | target_index = [idx for idx, i in enumerate(line) if i == ""][0] 77 | except: 78 | print(line) 79 | print("[ERROR] didn't find ") 80 | # print((tweet, tagging, ner)) 81 | raise 82 | ## extract features 83 | for window_size in window_size_list: 84 | start_index = max(0, target_index - window_size) 85 | end_index = min(target_index+window_size, len(line)) 86 | if mode == "TARGET_two_sides": 87 | extracted_token = " ".join(line[start_index:end_index]) 88 | curr_ngram.append(extracted_token) 89 | if mode == "TARGET_one_side": 90 | if line[0] != "": 91 | extracted_token = " ".join(line[start_index:target_index+1]) 92 | curr_ngram.append(extracted_token) 93 | if line[-1] != "": 94 | extracted_token = " ".join(line[target_index:end_index]) 95 | curr_ngram.append(extracted_token) 96 | if mode == "all": 97 | for idx in range(len(line)-window_size+1): 98 | extracted_token = " ".join(line[idx:idx+window_size]) 99 | curr_ngram.append(extracted_token) 100 | 101 | if curr_ngram: 102 | ngram_all.append(curr_ngram) 103 | else: 104 | ngram_all.append('') 105 | 106 | return ngram_all 107 | 108 | 109 | def convertFeature2Idx(actual_features, train_feature_dict): 110 | 111 | """ 112 | convert actual features into idx 113 | :param actual_features: real features extracted from tweets 114 | :param train_feature_dict: train_ngram_dict 115 | :return: 116 | """ 117 | 118 | features_idx = [] 119 | for line in actual_features: 120 | curr_feature = [] 121 | for token in line: 122 | try: 123 | curr_feature.append(train_feature_dict[token]) 124 | except: 125 | curr_feature.append(train_feature_dict['']) 126 | features_idx.append(curr_feature) 127 | 128 | return features_idx 129 | 130 | 131 | def buildTrainDict(train_ngram_all, verbose=False, set_threshold=False, threshold=1): 132 | 133 | """ 134 | build up train ngram dictionary 135 | :param train_ngram_all: all extracted ngram features 136 | :param verbose: 137 | :param set_threshold: if we want to move ngrams with low frequency 138 | :param threshold: define low frequency 139 | :return: [dict] train_ngram_dict 140 | """ 141 | 142 | ## collect all features 143 | train_ngram_all_flatten = [j for i in train_ngram_all for j in i] 144 | train_ngram_counter = Counter(train_ngram_all_flatten) 145 | train_ngram_counter = [(ngram, train_ngram_counter[ngram]) for ngram in train_ngram_counter.keys()] 146 | train_ngram_counter = sorted(train_ngram_counter, key=lambda x: x[1], reverse=True) 147 | if verbose: 148 | print("[I] total ngram", len(train_ngram_all_flatten), "unique ngram", len(set(train_ngram_all_flatten))) 149 | print("[I] the most frequent tokens: ", train_ngram_counter[0:20]) 150 | # if you want to use n-grams from the whole tweets, then a threshold might be needed 151 | if set_threshold: 152 | print("[W] threshold " + str(threshold) + " is used for filtering the ngrams") 153 | find_threshold_index = min([idx for idx, i in enumerate(train_ngram_counter) if i[1] == threshold]) 154 | train_ngram_counter = train_ngram_counter[0:find_threshold_index] 155 | # print(train_ngram_counter[-1], len(train_ngram_counter)) 156 | 157 | ## build up the dictionary 158 | train_ngram_dict = {} 159 | for idx, i in enumerate(train_ngram_counter): 160 | train_ngram_dict[i[0]] = idx 161 | train_ngram_dict[''] = idx + 1 162 | 163 | return train_ngram_counter, train_ngram_dict 164 | 165 | 166 | def trainLRModel(train_all, train_label, window_size_list, ngram_extract_mode, flag, save_model=False): 167 | 168 | """ 169 | given cyber threat data with severe / non-severe label, train a LR classifier 170 | :param train_all: training data 171 | :param train_label: training label 172 | :param window_size_list: n-gram window size 173 | :param ngram_extract_mode: 174 | :param flag: 175 | :param save_model: 176 | :return: 177 | """ 178 | 179 | ## extract n-grams 180 | train_ngram_all = tokenExtraction(window_size_list, train_all, mode=ngram_extract_mode) 181 | 182 | ## build up training dictionary 183 | train_ngram_counter, train_ngram_dict = buildTrainDict(train_ngram_all, verbose=False, 184 | set_threshold=True, threshold=1) 185 | 186 | train_features_idx = convertFeature2Idx(train_ngram_all, train_ngram_dict) 187 | 188 | train_features_no_dup = [] 189 | for line in train_features_idx: 190 | train_features_no_dup.append(list(set(line))) 191 | 192 | train_idx_sparse = convertToSparseMatrix(train_features_no_dup, train_ngram_dict) 193 | 194 | ## train LR 195 | lr = LogisticRegression(solver='lbfgs') 196 | lr.fit(train_idx_sparse['sparse_matrix'], train_label) 197 | 198 | ## print out some info 199 | print('[I] logistic regression training completed.') 200 | print('[I] training set dimension: ' + str(np.shape(train_idx_sparse['sparse_matrix']))) 201 | 202 | ## save model 203 | if save_model: 204 | with open('./trained_model/'+flag+'_lr_model.pkl', 'wb') as f: 205 | pickle.dump(lr, f) 206 | with open('./trained_model/'+flag+'_train_ngram_counter.json', 'w') as f: 207 | json.dump(train_ngram_counter, f) 208 | with open('./trained_model/'+flag+'_train_ngram_dict.json', 'w') as f: 209 | json.dump(train_ngram_dict, f) 210 | print("[I] all model files have been saved.") 211 | 212 | return lr, train_ngram_dict 213 | 214 | 215 | def evalLRModel(window_size_list, val_all, train_ngram_dict, ngram_extract_mode, model): 216 | 217 | """ 218 | cyber threat existence classifier 219 | :param window_size_list: define feature extraction window size 220 | :param val_all: data to be tested 221 | :param ngram_extract_mode: how the features are extracted 222 | :return: 223 | """ 224 | 225 | ## val features preparation 226 | # extract ngram 227 | val_ngram_all = tokenExtraction(window_size_list, val_all, mode=ngram_extract_mode) 228 | # convert into idx 229 | val_features_idx = convertFeature2Idx(val_ngram_all, train_ngram_dict) 230 | # remove duplicates in features for each data point 231 | val_features_no_dup = [] 232 | for line in val_features_idx: 233 | val_features_no_dup.append(list(set(line))) 234 | # convert to sparse matrix 235 | val_idx_sparse = convertToSparseMatrix(val_features_no_dup, train_ngram_dict) 236 | 237 | ## send val sparse matrix for classification 238 | val_prob = model.predict_proba(val_idx_sparse['sparse_matrix']) 239 | 240 | return val_prob -------------------------------------------------------------------------------- /prepare_dataset_for_tagging.py: -------------------------------------------------------------------------------- 1 | 2 | 3 | from utils.io import * 4 | 5 | ## read download text 6 | downloaded_tweets = readTSVFile('./dataset/downloaded.tsv') 7 | print('num lines', len(downloaded_tweets)) 8 | 9 | downloaded_tweets_dict = {} 10 | for each_tweet in downloaded_tweets: 11 | downloaded_tweets_dict[each_tweet[0]] = each_tweet[-1].replace('…', ' ') 12 | 13 | ## filling 14 | dataset = readJSONFile('./dataset/dataset_template.json') 15 | for each_tweet in dataset: 16 | each_tweet['text'] = downloaded_tweets_dict[each_tweet['id']] 17 | 18 | ## write output 19 | writeJSONLine('./dataset/dataset.json', dataset, verbose=True) 20 | 21 | 22 | 23 | -------------------------------------------------------------------------------- /sample_input.json: -------------------------------------------------------------------------------- 1 | [{"text_TARGET": "rt engadget \" man gets 00 months in prison for emergency system ddos attacks https:t.co0pqrpdixsu \""}, {"text_TARGET": " android on qualcomm secure app pointer dereference memory corruption : a vulnerability was found in google https:t.cogkzaixkoyg"}, {"text_TARGET": "this is a rare moment of vulnerability for me , but sometimes i deeply fear that there will be an update that https:t.coikox0ccqzb"}, {"text_TARGET": " addresses #spectre #security vulnerability previously identified by google researchers with the release o https:t.cofkymdb0fkl"}, {"text_TARGET": "@survivetheark server 000 on has been being ddos'd for a while now \ud83d\ude22\ud83d\ude13\ud83d\ude2d"}] -------------------------------------------------------------------------------- /train_model_lr.py: -------------------------------------------------------------------------------- 1 | 2 | ### existence of threat classifier 3 | 4 | import argparse 5 | 6 | from utils.io import * 7 | from model.lr import * 8 | 9 | from sklearn import metrics 10 | from model.evaluation import * 11 | 12 | 13 | if __name__ == "__main__": 14 | 15 | ## parse input 16 | parser = argparse.ArgumentParser() 17 | parser.add_argument('classifier_mode') 18 | parser.add_argument('train_path') 19 | parser.add_argument('--window_size_list', '-w', nargs='+', type=int, default=[2, 3, 4]) 20 | parser.add_argument('--ngram_extract_mode', '-e', default='all') 21 | options = parser.parse_args() 22 | 23 | ## existence classifier 24 | if options.classifier_mode == 'existence': 25 | 26 | exist_label2num = {'have_threat': 1, 'no_threat': 0} 27 | 28 | ## read input 29 | train_all = readJSONFile(options.train_path) 30 | train_label = [exist_label2num[i['existence_anno']] for i in train_all] 31 | 32 | ## train model 33 | exist_lr, exist_train_ngram_dict = trainLRModel(train_all, train_label, 34 | options.window_size_list, 35 | options.ngram_extract_mode, 36 | flag='existence', save_model=True) 37 | 38 | ## severity classifier 39 | if options.classifier_mode == 'severity': 40 | 41 | severity_label2num = {'severe': 1, 'not_severe': 0} 42 | 43 | ## read input 44 | train_all = readJSONFile(options.train_path) 45 | train_label = [severity_label2num[i['severity_anno']] for i in train_all] 46 | 47 | ## train model 48 | lr, train_ngram_dict = trainLRModel(train_all, train_label, 49 | options.window_size_list, 50 | options.ngram_extract_mode, 51 | flag='severity', save_model=True) 52 | -------------------------------------------------------------------------------- /trained_model/existence_lr_model.pkl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/s4zong/cybersecurity_threat_severity_analysis/5737cb983894cb499e571f6219da5e0319961c73/trained_model/existence_lr_model.pkl -------------------------------------------------------------------------------- /trained_model/severity_lr_model.pkl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/s4zong/cybersecurity_threat_severity_analysis/5737cb983894cb499e571f6219da5e0319961c73/trained_model/severity_lr_model.pkl -------------------------------------------------------------------------------- /trained_model/severity_train_ngram_counter.json: -------------------------------------------------------------------------------- 1 | [["vulnerability in", 215], ["in ", 195], [": ", 148], ["a vulnerability", 141], ["vulnerability in ", 103], [": a", 85], [" devices", 80], [": a vulnerability", 76], ["on ", 73], ["found in", 68], ["in the", 63], [" android", 56], ["0.0 .", 55], [" 's", 53], ["threatmeter :", 51], [". 0", 48], ["has been", 48], ["a vulnerability in", 48], ["vulnerability in the", 47], ["code execution", 45], ["information disclosure", 42], ["ddos attacks", 42], ["of ", 42], ["0.0 . 0", 41], ["privilege escalation", 40], ["for ", 40], [" ,", 39], ["and ", 39], ["security vulnerability", 39], [", ", 38], ["vulnerability was", 38], ["was found", 37], ["a vulnerability was", 37], [": a vulnerability was", 37], ["ddos attack", 36], ["vulnerability was found", 35], ["memory corruption", 34], ["a vulnerability was found", 34], ["was found in", 31], ["critical vulnerability", 31], ["execution vulnerability", 30], ["vulnerability was found in", 30], ["the ", 30], ["vulnerability found", 30], ["denial of", 29], ["of service", 29], ["vulnerability has", 29], ["denial of service", 29], ["remote code", 28], ["remote code execution", 28], ["code execution vulnerability", 28], [": android", 27], ["threatmeter : ", 27], ["corruption :", 27], ["memory corruption :", 27], ["corruption : a", 27], ["memory corruption : a", 27], ["corruption : a vulnerability", 27], ["vuln :", 26], ["vulnerability has been", 26], ["vulnerability (", 26], ["new post", 26], [" and", 24], [", and", 24], ["vuln : ", 23], [" office", 23], ["a vulnerability in ", 23], ["remote code execution vulnerability", 22], ["vulnerability ,", 22], ["( ", 21], ["android on", 21], [" android on", 21], ["found in ", 21], ["exists in", 21], ["a security", 21], ["cve-0000-0000 :", 21], ["vulnerability .", 20], ["injection vulnerability", 20], ["vulnerability found in", 20], [" vulnerability", 20], ["vulnerability exists", 20], ["a critical", 20], ["escalation vulnerability", 20], ["privilege escalation vulnerability", 20], ["#vulnerability #security", 19], ["#security :", 19], ["#vulnerability #security :", 19], [" player", 19], ["could allow", 19], ["in 's", 19], ["disclosure vulnerability", 19], ["information disclosure vulnerability", 19], ["to ", 19], ["- score", 19], ["score :", 19], ["- score :", 19], [") has", 19], ["\" ", 19], ["up to", 18], ["#ddos attacks", 18], [", which", 18], [" -", 18], [" has", 18], ["for devices", 18], ["exists in ", 18], ["site scripting", 18], ["a security vulnerability", 18], [" users", 18], ["post from", 18], ["vulnerability )", 18], ["on qualcomm", 17], ["been found", 17], ["android on qualcomm", 17], ["has been found", 17], [" android on qualcomm", 17], ["in google", 17], ["vulnerability that", 17], ["a new", 17], ["vulnerability exists in", 17], [") vulnerability", 17], ["component of", 17], ["new post from", 17], ["a vulnerability has", 16], ["sql injection", 16], ["found in google", 16], ["alert for", 16], ["bypass vulnerability", 16], ["by ", 16], ["from https:t.co0kyxtdzjkl", 16], ["https:t.co0kyxtdzjkl (", 16], ["post from https:t.co0kyxtdzjkl", 16], ["from https:t.co0kyxtdzjkl (", 16], ["https:t.co0kyxtdzjkl ( ", 16], ["new post from https:t.co0kyxtdzjkl", 16], ["post from https:t.co0kyxtdzjkl (", 16], ["from https:t.co0kyxtdzjkl ( ", 16], ["been found in", 15], ["a vulnerability has been", 15], ["has been found in", 15], ["zero-day vulnerability", 15], [": vulnerability", 15], ["attacks on", 15], ["drops a", 15], ["alert for ", 15], ["alert for devices", 15], [": vuln", 15], ["cross site", 15], [") vulnerability in", 15], ["component of ", 15], ["cross-site scripting", 15], ["threatmeter : android", 15], [". x", 14], ["a ddos", 14], ["#vulnerability in", 14], ["vulnerability has been found", 14], ["sql injection vulnerability", 14], ["this vulnerability", 14], [" device", 14], ["cve-0000-0000 (", 14], ["vulnerability exists in ", 14], [": vuln :", 14], [": vuln : ", 14], ["scripting vulnerability", 14], ["security vulnerability in", 14], ["to 0.0", 13], ["escalation :", 13], ["privilege escalation :", 13], [" financial", 13], ["to a", 13], ["security bulletin", 13], ["in player", 13], ["windows 00", 13], ["service :", 13], ["of service :", 13], ["service : a", 13], ["denial of service :", 13], ["of service : a", 13], ["service : a vulnerability", 13], [": a vulnerability has", 13], ["for a", 13], ["is prone", 13], ["a vulnerability in the", 13], ["a mega-vulnerability", 13], ["mega-vulnerability alert", 13], ["devices .", 13], ["drops a mega-vulnerability", 13], ["a mega-vulnerability alert", 13], ["mega-vulnerability alert for", 13], ["drops a mega-vulnerability alert", 13], ["a mega-vulnerability alert for", 13], ["cross site scripting", 13], ["in the ", 13], ["cve-0000-0000 -", 13], ["00.0 .", 13], ["attack on", 13], ["patch a", 13], ["which was", 13], ["a vulnerability ,", 13], [", which was", 13], ["cpu vulnerability", 12], ["classified as", 12], ["there is", 12], ["vulnerability on", 12], ["service vulnerability", 12], ["of service vulnerability", 12], ["denial of service vulnerability", 12], [" .", 12], [" devices .", 12], ["mega-vulnerability alert for ", 12], ["vulnerability :", 12], ["from ", 12], ["vulnerability in the ", 12], [" apps", 12], ["( cve-0000-0000", 12], ["a critical vulnerability", 12], ["users to", 12], ["apps script", 12], ["vulnerability , which", 12], ["a vulnerability , which", 12], ["vulnerability , which was", 12], ["is a", 12], ["vulnerability ) has", 12], ["was found in google", 12], [") has been", 12], ["against ", 12], ["escalation : a", 11], ["privilege escalation : a", 11], ["escalation : a vulnerability", 11], ["bulletin :", 11], ["security bulletin :", 11], ["#vulnerability in ", 11], ["vulnerability in 's", 11], ["the vulnerability", 11], [": android on", 11], [": \"", 11], [": new", 11], ["vulnerability found in ", 11], [": 0.0", 11], ["score : 0.0", 11], ["- score : 0.0", 11], ["to ddos", 11], ["attackers to", 11], ["critical vulnerability in", 11], ["cve-0000-0000 local", 11], ["new vulnerability", 11], ["cve-0000-0000 )", 11], ["( cve-0000-0000 )", 11], ["that could", 11], ["chip vulnerability", 11], ["has a", 11], ["https:t.coks0bv0fsqa :", 11], ["a severe", 11], ["found a", 11], ["hit by", 11], [": a vulnerability ,", 11], [" is", 11], ["cve-0000-0000 vulnerability", 11], ["cve-0000-0000 vulnerability in", 11], ["ibm security", 11], ["( cve-0000-0000)", 11], ["prone to", 10], ["overflow vulnerability", 10], ["on the", 10], ["to steal", 10], ["discovered in", 10], ["vulnerability affects", 10], ["security vulnerability in ", 10], ["anytime soon", 10], [" kernel", 10], ["to be", 10], ["attack on ", 10], [" apps script", 10], ["disclosure :", 10], ["information disclosure :", 10], ["disclosure : a", 10], ["information disclosure : a", 10], ["disclosure : a vulnerability", 10], ["of a", 10], ["ibm security bulletin", 10], ["ibm security bulletin :", 10], [", 0.00", 10], ["vulnerability ( cve-0000-0000)", 10], ["to 0.0 .", 9], ["0.0 . x", 9], [" :", 9], ["financial services", 9], ["vulnerability is", 9], ["buffer overflow", 9], ["buffer overflow vulnerability", 9], ["vulnerable to", 9], ["with ", 9], ["due to", 9], ["ddos attacks on", 9], ["for the", 9], ["request forgery", 9], ["allows attackers", 9], ["local privilege", 9], ["local privilege escalation", 9], ["since 0000", 9], ["0 ,", 9], [". 0 ,", 9], ["0 0.0", 9], [". 0 0.0", 9], ["0.0 . 0 0.0", 9], ["a ddos attack", 9], [") vulnerability in ", 9], ["rt @hosselot", 9], ["@hosselot :", 9], ["rt @hosselot :", 9], [": the", 9], ["a serious", 9], ["patch a severe", 9], ["script vulnerability", 9], ["apps script vulnerability", 9], [") 0.0", 9], ["vulnerability -", 9], ["spoofing vulnerability", 9], ["cve-0000-0000 vulnerability in the", 9], ["need to", 9], ["edge vulnerability", 9], ["cve-0000-0000) :", 9], ["( cve-0000-0000) :", 9], ["0.00 ,", 9], ["to the", 8], ["vulnerability classified", 8], ["up to 0.0", 8], ["a vulnerability classified", 8], [": a vulnerability classified", 8], [" 0.0", 8], [" financial services", 8], [" products", 8], ["rt @threatmeter", 8], ["@threatmeter :", 8], ["rt @threatmeter :", 8], ["@threatmeter : ", 8], ["rt @threatmeter : ", 8], [", see", 8], ["see more", 8], [", see more", 8], ["] ", 8], ["every ", 8], ["every device", 8], ["allows attackers to", 8], ["cve-0000-0000 local privilege", 8], ["cve-0000-0000 local privilege escalation", 8], ["vulnerability discovered", 8], ["be exploited", 8], ["threatmeter : vuln", 8], ["threatmeter : vuln :", 8], ["site scripting vulnerability", 8], [", ,", 8], ["access to", 8], ["attacks on ", 8], [": cve-0000-0000", 8], ["arbitrary code", 8], ["how to", 8], ["@hosselot : ", 8], ["rt @hosselot : ", 8], ["security bypass", 8], ["affected by", 8], ["discovered a", 8], ["serious vulnerability", 8], ["of devices", 8], ["on devices", 8], [" won't", 8], ["won't patch", 8], ["vulnerability anytime", 8], ["won't patch a", 8], ["vulnerability anytime soon", 8], ["won't patch a severe", 8], ["and the", 8], ["hackers to", 8], ["- ", 8], ["a security vulnerability in", 8], [" apps script vulnerability", 8], [", 0.0", 8], [" allows", 8], ["there is a", 8], ["to 0.0 . 0", 8], ["google android", 8], ["in google android", 8], ["found in google android", 8], ["is prone to", 8], ["from a", 8], ["ddos attack on", 8], ["#vuln :", 8], ["of the", 8], ["vulnerability ( cve-0000-0000", 8], [" (", 8], [", 0.00 ,", 8], ["about the", 8], ["vulnerability ( cve-0000-0000) :", 8], ["vulnerability classified as", 7], ["a vulnerability classified as", 7], ["spectre vulnerability", 7], ["on :", 7], ["a remote", 7], ["a #vulnerability", 7], ["@threatmeter : android", 7], ["vulnerability to", 7], ["amazon ,", 7], ["external entity", 7], ["vulnerability on ", 7], ["( the", 7], ["critical vulnerability in ", 7], ["vulnerability-microsoft windows", 7], ["that allows", 7], ["been discovered", 7], ["has been discovered", 7], ["vulnerability has been discovered", 7], ["been found in ", 7], ["cross site scripting vulnerability", 7], ["cve-0000-0000 a", 7], [": rt", 7], [" tegra", 7], ["arbitrary code execution", 7], ["project zero", 7], ["and earlier", 7], ["security bypass vulnerability", 7], ["- a", 7], ["authentication bypass", 7], [" won't patch", 7], [" won't patch a", 7], ["vulnerability could", 7], [") 0.0 .", 7], ["0.0 . 0 ,", 7], ["in 0000", 7], [": 0", 7], ["score : 0", 7], ["- score : 0", 7], ["#vuln : ", 7], ["been published", 7], ["has been published", 7], [") has been published", 7], [" integrated", 7], ["affects ", 7], [": vulnerability in", 7], ["in its", 7], ["vulnerability ( cve-0000-0000 )", 7], ["to patch", 7], ["app developers", 7], ["( subcomponent", 7], ["nintendo switch", 6], ["0 .", 6], ["#security : ", 6], ["#vulnerability #security : ", 6], ["cve-0000-0000 remote", 6], ["remote security", 6], ["allow for", 6], ["a #vulnerability in", 6], ["could allow for", 6], [" switch", 6], ["yet another", 6], ["top story", 6], ["story :", 6], ["#ddos attack", 6], ["top story :", 6], ["malware protection", 6], ["are vulnerable", 6], ["meltdown vulnerability", 6], ["are vulnerable to", 6], ["zero-day vulnerability found", 6], ["zero-day vulnerability found in", 6], ["with a", 6], ["high severity", 6], ["severity vulnerability", 6], ["00 vulnerability", 6], ["cve-0000-00000 :", 6], ["as ", 6], ["forgery (", 6], ["request forgery (", 6], [" remote", 6], ["impacted by", 6], ["been discovered in", 6], ["has been discovered in", 6], ["could be", 6], ["security researchers", 6], ["address a", 6], ["in windows", 6], ["address a vulnerability", 6], ["intel ,", 6], [". the", 6], ["password vulnerability", 6], ["can be", 6], ["update ", 6], ["now !", 6], ["vulnerability allows", 6], ["0.000 and", 6], [", and ", 6], [" developers", 6], [" has a", 6], ["vulnerability [", 6], ["alert on", 6], ["windows security", 6], ["update for", 6], ["severe skype", 6], ["skype vulnerability", 6], ["a severe skype", 6], ["severe skype vulnerability", 6], ["skype vulnerability anytime", 6], ["patch a severe skype", 6], ["a severe skype vulnerability", 6], ["severe skype vulnerability anytime", 6], ["skype vulnerability anytime soon", 6], ["vulnerability but", 6], ["vulnerability of", 6], ["0 , 0.0", 6], [") 0.0 . 0", 6], [". 0 , 0.0", 6], ["corruption vulnerability", 6], ["memory corruption vulnerability", 6], [" mysql", 6], ["mysql server", 6], ["0.0 and", 6], ["cross-site scripting vulnerability", 6], ["at ", 6], ["#security : vuln", 6], ["#vulnerability #security : vuln", 6], ["#security : vuln :", 6], ["0.0 ", 6], ["0.0 0.0", 6], ["| \"", 6], ["post :", 6], ["news :", 6], ["update :", 6], ["overflow vulnerability (", 6], ["buffer overflow vulnerability (", 6], [" hit", 6], [" hit by", 6], ["0 0.0 .", 6], [". 0 0.0 .", 6], ["published on", 6], ["been published on", 6], ["has been published on", 6], [" issues", 6], ["details of", 6], ["integrated management", 6], [" integrated management", 6], [" \"", 6], ["use-after-free vulnerability", 6], ["vulnerability in its", 6], ["cisco drops", 6], ["cisco drops a", 6], ["cisco drops a mega-vulnerability", 6], ["be a", 6], ["rt @koddoscom", 6], ["@koddoscom :", 6], ["rt @koddoscom :", 6], [" discloses", 6], ["discloses unpatched", 6], ["unpatched edge", 6], ["discloses unpatched edge", 6], ["unpatched edge vulnerability", 6], ["discloses unpatched edge vulnerability", 6], ["flaw in", 6], ["scripting (", 6], ["( xss", 6], ["xss )", 6], ["cross-site scripting (", 6], ["scripting ( xss", 6], ["( xss )", 6], ["xss ) vulnerability", 6], ["cross-site scripting ( xss", 6], ["scripting ( xss )", 6], ["( xss ) vulnerability", 6], ["xss ) vulnerability in", 6], ["windows is", 6], ["vulnerability-microsoft windows is", 6], [": kernel", 6], ["ddos attack on ", 6], ["cve-0000-0000 : ", 6], ["was classified", 6], ["which was classified", 6], [", which was classified", 6], [" critical", 6], ["vulnerability strikes", 6], ["strikes app", 6], [" critical vulnerability", 6], ["critical vulnerability strikes", 6], ["vulnerability strikes app", 6], ["strikes app developers", 6], [" critical vulnerability strikes", 6], ["critical vulnerability strikes app", 6], ["vulnerability strikes app developers", 6], ["allows remote", 6], ["attacks are", 6], [", the", 6], ["vulnerability ) has been", 6], ["subcomponent :", 6], ["( subcomponent :", 6], ["jailed for", 5], ["attacks against", 5], ["a #vulnerability in ", 5], ["switch vulnerability", 5], [" industrial", 5], ["targeting ", 5], ["cve-0000-00000 information", 5], ["cve-0000-00000 information disclosure", 5], [" malware", 5], ["protection engine", 5], ["a remote code", 5], ["execution vulnerability in", 5], [" malware protection", 5], ["malware protection engine", 5], ["a remote code execution", 5], ["code execution vulnerability in", 5], [" malware protection engine", 5], [" 00server", 5], ["00server 0000", 5], [" 00server 0000", 5], ["suffered ddos", 5], ["new zero-day", 5], ["new zero-day vulnerability", 5], ["new zero-day vulnerability found", 5], ["found in player", 5], ["00% of", 5], ["a high", 5], ["high severity vulnerability", 5], ["xml external", 5], ["xml external entity", 5], ["windows 00 vulnerability", 5], ["0.0 a", 5], ["media framework", 5], [": 0.0 a", 5], ["score : 0.0 a", 5], [". [", 5], ["] #hacker", 5], ["0.00 .", 5], ["injection vulnerability in", 5], ["remote desktop", 5], ["app vulnerability", 5], ["cve-0000-0000000 (", 5], ["sensitive information", 5], [". dll", 5], ["the rise", 5], ["scripting :", 5], ["site scripting :", 5], [" servers", 5], ["researchers find", 5], ["tegra chipsets", 5], ["in tegra", 5], [" tegra chipsets", 5], ["in tegra chipsets", 5], [" with", 5], ["and other", 5], ["#ddos attacks on", 5], ["player 00.0", 5], [". 0.000", 5], [" player 00.0", 5], ["player 00.0 .", 5], ["00.0 . 0.000", 5], [". 0.000 and", 5], ["0.000 and earlier", 5], ["in player 00.0", 5], [" player 00.0 .", 5], ["player 00.0 . 0.000", 5], ["00.0 . 0.000 and", 5], ["that could allow", 5], ["mac and", 5], ["mac and ", 5], ["developers address", 5], [" developers address", 5], ["developers address a", 5], ["a vulnerability found", 5], [" developers address a", 5], ["developers address a vulnerability", 5], ["address a vulnerability found", 5], ["researchers at", 5], ["all ", 5], ["all devices", 5], ["traversal vulnerability", 5], ["plugin 0.00", 5], ["authentication bypass vulnerability", 5], ["#cisco drops", 5], ["#cisco drops a", 5], ["attack .", 5], ["emergency windows", 5], ["security update", 5], ["emergency windows security", 5], ["windows security update", 5], ["security update for", 5], ["update for a", 5], ["for a critical", 5], ["emergency windows security update", 5], ["windows security update for", 5], ["security update for a", 5], ["update for a critical", 5], ["for a critical vulnerability", 5], ["https:t.coks0bv0fsqa : ", 5], ["- the", 5], ["the java", 5], ["in the java", 5], ["vulnerability in the java", 5], ["epolicy orchestrator", 5], [", 0.0 .", 5], ["0 , 0.0 .", 5], ["a zero-day", 5], ["zero-day vulnerability in", 5], [", and the", 5], [" prior", 5], ["prior 00.0", 5], [". 0000.00", 5], [" prior 00.0", 5], ["prior 00.0 .", 5], ["00.0 . 0000.00", 5], [" prior 00.0 .", 5], ["prior 00.0 . 0000.00", 5], ["0000 impacted", 5], ["since 0000 impacted", 5], ["0000 impacted by", 5], ["since 0000 impacted by", 5], ["0 to", 5], [". 0 to", 5], ["0 to 0.0", 5], ["0.0 . 0 to", 5], [". 0 to 0.0", 5], ["0 to 0.0 .", 5], ["cve-0000-0000 cross", 5], ["cve-0000-0000 cross site", 5], ["vulnerability exposes", 5], ["the nra", 5], ["vulnerability that could", 5], ["vulnerability lets", 5], ["lets attackers", 5], ["new post :", 5], ["to an", 5], ["prone to an", 5], ["traffic server", 5], ["suffers from", 5], ["suffers from a", 5], ["security advisory", 5], ["0000 ,", 5], ["heap-based buffer", 5], ["heap-based buffer overflow", 5], ["heap-based buffer overflow vulnerability", 5], ["know about", 5], ["attacks per", 5], [" site", 5], [" site scripting", 5], ["0 0.0 . 0", 5], ["risk of", 5], ["for 00", 5], ["arbitrary code execution vulnerability", 5], ["server 0000", 5], ["issues emergency", 5], [" issues emergency", 5], ["take on", 5], ["on more", 5], ["more ddos", 5], ["take on more", 5], ["more ddos attacks", 5], [" app", 5], ["urges users", 5], ["urges users to", 5], [" fixes", 5], ["found a vulnerability", 5], [" server", 5], ["privilege vulnerability", 5], ["from the", 5], ["to know", 5], ["need to know", 5], [": by", 5], ["at risk", 5], ["@koddoscom : by", 5], ["rt @koddoscom : by", 5], [" discloses unpatched", 5], [" discloses unpatched edge", 5], ["flaw in ", 5], ["vulnerability for", 5], ["windows is prone", 5], ["vulnerability-microsoft windows is prone", 5], [" live", 5], ["server (", 5], ["linux kernel", 5], [": #0daytoday", 5], [" internet", 5], ["and devices", 5], [", amazon", 5], [" , amazon", 5], ["microsoft office", 5], ["a major", 5], [". this", 5], ["() \"", 5], ["attack vulnerability", 5], [": ddos", 5], ["vulnerability and", 5], ["was classified as", 5], ["which was classified as", 5], ["0.00 , 0.00", 5], ["ddos attacks on ", 5], ["in allows", 5], ["unknown vulnerability", 5], ["java se", 5], [": office", 5], ["up to 0.0 .", 4], ["for #ddos", 4], [") -", 4], [" 0.0 .", 4], ["prone to a", 4], ["for arbitrary", 4], ["allow for arbitrary", 4], ["could allow for arbitrary", 4], ["is in", 4], ["industrial automation", 4], [": industrial", 4], [" industrial automation", 4], [": industrial automation", 4], [", and", 4], [" : \"", 4], ["on : \"", 4], [": [", 4], ["#security : [", 4], ["#vulnerability #security : [", 4], [" cve-0000-00000", 4], ["( cve-0000-00000)", 4], ["security flaws", 4], ["suffered ddos attacks", 4], ["xss vulnerability", 4], [" ?", 4], ["vulnerability on the", 4], [" word", 4], ["been found in google", 4], ["cve-0000-00000 : ", 4], [" patches", 4], ["i think", 4], ["servers .", 4], ["ars technica", 4], ["for devices .", 4], ["your ", 4], ["a vulnerability that", 4], [": critical", 4], ["in remote", 4], [" remote desktop", 4], ["escalation vulnerability-microsoft", 4], ["privilege escalation vulnerability-microsoft", 4], ["escalation vulnerability-microsoft windows", 4], ["local privilege escalation vulnerability-microsoft", 4], ["privilege escalation vulnerability-microsoft windows", 4], ["security researcher", 4], [", a", 4], ["an exposure", 4], ["exposure of", 4], ["of sensitive", 4], ["information vulnerability", 4], ["an exposure of", 4], ["exposure of sensitive", 4], ["of sensitive information", 4], ["sensitive information vulnerability", 4], ["information vulnerability exists", 4], ["an exposure of sensitive", 4], ["exposure of sensitive information", 4], ["of sensitive information vulnerability", 4], ["sensitive information vulnerability exists", 4], ["information vulnerability exists in", 4], ["could be exploited", 4], ["cve-0000-0000 remote code", 4], ["cve-0000-0000 remote code execution", 4], ["of ddos", 4], [" sql", 4], [" sql injection", 4], [" sql injection vulnerability", 4], [" clearpass", 4], ["scripting vulnerability in", 4], [": this", 4], ["cve-0000-0000 a vulnerability", 4], ["cve-0000-0000 a vulnerability in", 4], ["find vulnerability", 4], ["find vulnerability in", 4], ["chipsets allows", 4], ["allows for", 4], ["for code", 4], ["tegra chipsets allows", 4], ["chipsets allows for", 4], ["allows for code", 4], ["for code execution", 4], [" tegra chipsets allows", 4], ["tegra chipsets allows for", 4], ["chipsets allows for code", 4], ["allows for code execution", 4], [" framework", 4], ["with a ddos", 4], ["0 and", 4], ["intel , ", 4], ["( xxe", 4], ["xxe )", 4], ["( xxe )", 4], ["xxe ) vulnerability", 4], ["( xxe ) vulnerability", 4], [" could", 4], ["- vulnerability", 4], ["another password", 4], ["another password vulnerability", 4], ["password vulnerability has", 4], ["another password vulnerability has", 4], ["password vulnerability has been", 4], ["management interface", 4], ["command injection", 4], ["command injection vulnerability", 4], ["security vulnerability .", 4], ["critical #vulnerability", 4], ["a critical #vulnerability", 4], [". 0.000 and earlier", 4], ["a new vulnerability", 4], ["device guard", 4], ["cve-0000-00000 remote", 4], [" device guard", 4], ["vulnerability can", 4], ["icymi :", 4], ["vulnerability affecting", 4], ["discovered a vulnerability", 4], ["publisher plugin", 4], ["-- >", 4], ["researchers have", 4], ["serious security", 4], [" are", 4], ["a critical vulnerability in", 4], ["exploited to", 4], ["be exploited to", 4], ["affects hundreds", 4], ["hundreds of", 4], ["of thousands", 4], ["thousands of", 4], ["vulnerability affects hundreds", 4], ["affects hundreds of", 4], ["hundreds of thousands", 4], ["of thousands of", 4], ["thousands of ", 4], ["vulnerability affects hundreds of", 4], ["affects hundreds of thousands", 4], ["hundreds of thousands of", 4], ["of thousands of ", 4], ["thousands of devices", 4], ["vulnerability ?", 4], ["the hacker", 4], ["hacker news", 4], ["the hacker news", 4], ["a serious vulnerability", 4], ["cisco ios", 4], [" sharepoint", 4], [", 0.0 . 0", 4], ["a zero-day vulnerability", 4], ["cve-0000-0000 cross-site", 4], ["cross-site request", 4], ["( csrf", 4], ["csrf )", 4], ["cross-site request forgery", 4], ["forgery ( csrf", 4], ["( csrf )", 4], ["csrf ) vulnerability", 4], ["cross-site request forgery (", 4], ["request forgery ( csrf", 4], ["forgery ( csrf )", 4], ["( csrf ) vulnerability", 4], ["csrf ) vulnerability in", 4], [") vulnerability in the", 4], ["use-after-free memory", 4], ["use-after-free memory corruption", 4], ["use-after-free memory corruption :", 4], ["device since", 4], ["by rampage", 4], ["rampage vulnerability", 4], [" device since", 4], ["device since 0000", 4], ["impacted by rampage", 4], ["by rampage vulnerability", 4], ["every device since", 4], [" device since 0000", 4], ["device since 0000 impacted", 4], ["0000 impacted by rampage", 4], ["impacted by rampage vulnerability", 4], ["local denial", 4], ["local denial of", 4], ["local denial of service", 4], ["on snapdragon", 4], ["snapdragon qualcomm", 4], ["android on snapdragon", 4], ["on snapdragon qualcomm", 4], [" android on snapdragon", 4], ["android on snapdragon qualcomm", 4], ["cve-0000-0000 cross site scripting", 4], ["vulnerability impacts", 4], ["like ", 4], ["are now", 4], ["now targeting", 4], ["are now targeting", 4], ["now targeting ", 4], ["targeting ,", 4], ["and the nra", 4], ["are now targeting ", 4], ["now targeting ,", 4], [", and the nra", 4], ["newly discovered", 4], ["nra suffered", 4], ["attacks via", 4], ["nra suffered ddos", 4], [" inbox", 4], ["vulnerability lets attackers", 4], ["read more", 4], ["my ", 4], ["devices ,", 4], ["the oracle", 4], ["in the oracle", 4], ["vulnerability in the oracle", 4], ["according to", 4], ["is prone to an", 4], ["- cve-0000-0000", 4], [" firewalls", 4], ["firewalls remote", 4], [" firewalls remote", 4], ["in a", 4], ["vulnerability in player", 4], ["a system", 4], ["system privilege", 4], ["system privilege escalation", 4], ["system privilege escalation vulnerability", 4], ["on the rise", 4], ["android up", 4], ["as problematic", 4], [" android up", 4], ["android up to", 4], ["classified as problematic", 4], [" android up to", 4], ["android up to 0.0", 4], ["local privilege escalation vulnerability", 4], ["00 .", 4], ["https:t .", 4], ["cve-0000-0000000 :", 4], ["by 00", 4], ["00 ddos", 4], ["per hour", 4], ["hour in", 4], ["hit by 00", 4], ["by 00 ddos", 4], ["00 ddos attacks", 4], ["ddos attacks per", 4], ["attacks per hour", 4], ["per hour in", 4], ["hour in 0000", 4], [" hit by 00", 4], ["hit by 00 ddos", 4], ["by 00 ddos attacks", 4], ["00 ddos attacks per", 4], ["ddos attacks per hour", 4], ["attacks per hour in", 4], ["per hour in 0000", 4], ["post (", 4], ["os vulnerability", 4], ["vulnerability posed", 4], ["posed risk", 4], ["of hacking", 4], ["hacking to", 4], ["users for", 4], ["00 years", 4], ["new post (", 4], ["os vulnerability posed", 4], ["vulnerability posed risk", 4], ["posed risk of", 4], ["of hacking to", 4], ["to users", 4], [" users for", 4], ["users for 00", 4], ["for 00 years", 4], ["os vulnerability posed risk", 4], ["vulnerability posed risk of", 4], ["to users for", 4], [" users for 00", 4], ["users for 00 years", 4], ["attacks ,", 4], ["issues emergency windows", 4], [" issues emergency windows", 4], ["issues emergency windows security", 4], [" government", 4], ["on windows", 4], ["at the", 4], ["google project", 4], ["google project zero", 4], ["on more ddos", 4], ["take on more ddos", 4], ["on more ddos attacks", 4], [" app vulnerability", 4], ["management module", 4], ["integrated management module", 4], [" integrated management module", 4], ["ddos ?", 4], ["fixes windows", 4], [" fixes windows", 4], ["fixes windows 00", 4], ["00 vulnerability but", 4], [" fixes windows 00", 4], ["fixes windows 00 vulnerability", 4], ["windows 00 vulnerability but", 4], ["cve-0000-0000 #patch", 4], [") for", 4], ["in all", 4], ["'s ", 4], ["found a vulnerability in", 4], [" edge", 4], ["allows an", 4], ["- remote", 4], ["plugin up", 4], ["to 0.00", 4], ["plugin up to", 4], ["up to 0.00", 4], ["plugin up to 0.00", 4], ["you need", 4], ["you need to", 4], ["has bee", 4], ["escalation vulnerability )", 4], [") has bee", 4], ["privilege escalation vulnerability )", 4], [": vulnerability in ", 4], [" cve-0000-0000", 4], ["contains a", 4], ["north korean", 4], ["#security : kernel", 4], ["linked to", 4], ["to ddos attack", 4], ["out-of-bounds read", 4], ["rt @inj0ct0r", 4], ["@inj0ct0r :", 4], ["rt @inj0ct0r :", 4], ["@inj0ct0r : #0daytoday", 4], ["rt @inj0ct0r : #0daytoday", 4], ["in ,", 4], [" graphics", 4], ["under ddos", 4], ["bitcoin ", 4], ["that a", 4], ["#ddos attack on", 4], [", amazon ,", 4], [" , amazon ,", 4], ["take over", 4], [" immediately", 4], ["immediately to", 4], ["update immediately", 4], [" immediately to", 4], ["immediately to patch", 4], ["to patch a", 4], ["patch a high", 4], ["a high severity", 4], ["update immediately to", 4], [" immediately to patch", 4], ["immediately to patch a", 4], ["to patch a high", 4], ["patch a high severity", 4], ["used to", 4], ["vulnerability \"", 4], [" account", 4], ["internet graphics", 4], ["graphics server", 4], ["internet graphics server", 4], [" '", 4], ["rt thehackersnews", 4], ["in devices", 4], ["massive #ddos", 4], [" skia", 4], [", playstation", 4], ["a dos", 4], [" traffic", 4], ["( ats", 4], ["ats )", 4], ["attack vulnerability in", 4], ["in traffic", 4], [" traffic server", 4], ["traffic server (", 4], ["server ( ats", 4], ["( ats )", 4], ["ats ) 0.0", 4], ["vulnerability in traffic", 4], ["in traffic server", 4], [" traffic server (", 4], ["traffic server ( ats", 4], ["server ( ats )", 4], ["( ats ) 0.0", 4], ["ats ) 0.0 .", 4], ["microsoft edge", 4], ["for mac", 4], ["to fix", 4], ["() memory", 4], ["() memory corruption", 4], ["() memory corruption :", 4], [": microsoft", 4], ["visual studio", 4], [" that", 4], ["office memory", 4], [" office memory", 4], ["office memory corruption", 4], [" office memory corruption", 4], ["office memory corruption vulnerability", 4], ["office 0000", 4], ["as a", 4], ["of (", 4], [" ( subcomponent", 4], ["component of (", 4], ["of ( subcomponent", 4], ["the details", 4], ["of an", 4], ["the details of", 4], ["#exploit ]", 4], ["if you", 4], ["vulnerability in allows", 4], ["discovered in ", 4], ["tegra x0", 4], [", 0.00 , 0.00", 4], ["what ", 3], [", g", 3], ["g suite", 3], ["and chrome", 3], ["the industry-wide", 3], ["industry-wide cpu", 3], ["what ,", 3], [" , g", 3], [", g suite", 3], ["the industry-wide cpu", 3], ["industry-wide cpu vulnerability", 3], ["what , g", 3], [" , g suite", 3], ["the industry-wide cpu vulnerability", 3], ["zdi-00-000 :", 3], [". js", 3], ["use-after-free remote", 3], ["zdi-00-000 : ", 3], ["use-after-free remote code", 3], ["use-after-free remote code execution", 3], ["for #ddos attacks", 3], ["patch for", 3], ["0 . x", 3], ["'s windows", 3], [" 's windows", 3], ["stack based", 3], ["based buffer", 3], ["stack based buffer", 3], [" fineart", 3], ["fineart gallery", 3], ["gallery australia", 3], ["australia sql", 3], [" fineart gallery", 3], ["fineart gallery australia", 3], ["gallery australia sql", 3], ["australia sql injection", 3], [" fineart gallery australia", 3], ["fineart gallery australia sql", 3], ["gallery australia sql injection", 3], ["australia sql injection vulnerability", 3], ["exploit ", 3], ["more https:t.co0lmova0cxz", 3], ["see more https:t.co0lmova0cxz", 3], [", see more https:t.co0lmova0cxz", 3], ["[ dos", 3], ["] -", 3], [": cve-0000-00000", 3], [" cve-0000-00000 information", 3], ["vuln : cve-0000-00000", 3], [" cve-0000-00000 information disclosure", 3], ["there was", 3], ["was a", 3], ["there was a", 3], ["execution vulnerability in ", 3], ["in microsoft", 3], [" publishes", 3], ["publishes list", 3], ["list showing", 3], ["showing which", 3], ["to meltdown", 3], [" publishes list", 3], ["publishes list showing", 3], ["list showing which", 3], ["vulnerable to meltdown", 3], ["to meltdown vulnerability", 3], [" publishes list showing", 3], ["publishes list showing which", 3], ["are vulnerable to meltdown", 3], ["vulnerable to meltdown vulnerability", 3], ["this vulnerability is", 3], ["hardware vulnerability", 3], [" &", 3], [": new zero-day", 3], [": new zero-day vulnerability", 3], ["identity management", 3], ["cve-0000-0000 xml", 3], ["cve-0000-0000 xml external", 3], ["cve-0000-0000 xml external entity", 3], ["on 's", 3], ["mining vulnerability", 3], ["android -", 3], ["framework (", 3], ["related to", 3], [" android -", 3], ["android - score", 3], ["0.0 a vulnerability", 3], [": android -", 3], [" android - score", 3], ["android - score :", 3], [": 0.0 a vulnerability", 3], ["0.0 a vulnerability in", 3], ["such as", 3], ["have been", 3], ["as and", 3], ["service (", 3], ["before 0", 3], ["x before", 3], ["before 0 .", 3], [". x before", 3], ["injection vulnerability in ", 3], [" just", 3], ["ddos against", 3], ["@cisco drops", 3], ["@cisco drops a", 3], ["@cisco drops a mega-vulnerability", 3], ["was found in ", 3], [". there", 3], [": critical vulnerability", 3], [": critical vulnerability in", 3], ["in remote desktop", 3], ["new ", 3], ["new vulnerability", 3], [" versions", 3], ["in versions", 3], ["0 , a", 3], [". 0 , a", 3], ["... -", 3], ["of ddos attacks", 3], ["scripting : a", 3], ["site scripting : a", 3], ["scripting : a vulnerability", 3], [". learn", 3], ["in hpe", 3], ["hpe ", 3], ["vulnerability in hpe", 3], ["in hpe ", 3], ["hpe clearpass", 3], ["vulnerability in hpe ", 3], ["in hpe clearpass", 3], ["usb restricted", 3], ["restricted mode", 3], ["mode for", 3], ["security researchers find", 3], ["researchers find vulnerability", 3], ["usb restricted mode", 3], ["restricted mode for", 3], ["mode for ", 3], ["security researchers find vulnerability", 3], ["researchers find vulnerability in", 3], ["usb restricted mode for", 3], ["restricted mode for ", 3], ["mode for devices", 3], ["teamcymru :", 3], ["#vulnerability in tegra", 3], ["with a ddos attack", 3], ["yesterday ,", 3], [" , and", 3], ["windows 0", 3], ["has released", 3], [" r0", 3], ["vulnerability in windows", 3], ["of #ddos", 3], [" environments", 3], ["of #ddos attacks", 3], ["of #ddos attacks on", 3], ["#ddos attacks on ", 3], [" focus", 3], [") and", 3], ["threatmeter : cve-0000-0000", 3], ["in focus", 3], ["xxe ) vulnerability in", 3], [": a vulnerability in", 3], ["cve-0000-0000 - vulnerability", 3], ["- vulnerability in", 3], ["of .", 3], ["cve-0000-0000 - vulnerability in", 3], ["- vulnerability in the", 3], ["component of .", 3], ["many ", 3], [": 's", 3], ["in windows 00", 3], ["can be exploited", 3], ["shut down", 3], ["a security vulnerability .", 3], [") exists", 3], ["cve-0000-0000 ) exists", 3], [") exists in", 3], ["( cve-0000-0000 ) exists", 3], ["cve-0000-0000 ) exists in", 3], [") exists in ", 3], ["exists in player", 3], [" for", 3], ["devices that", 3], ["full control", 3], ["cve-0000-00000) :", 3], ["execution vulnerability (", 3], ["vulnerability ( cve-0000-00000)", 3], ["( cve-0000-00000) :", 3], ["code execution vulnerability (", 3], ["vulnerability ( cve-0000-00000) :", 3], ["report :", 3], ["guard cve-0000-00000", 3], ["device guard cve-0000-00000", 3], ["guard cve-0000-00000 remote", 3], ["cve-0000-00000 remote security", 3], ["remote security bypass", 3], [" device guard cve-0000-00000", 3], ["device guard cve-0000-00000 remote", 3], ["guard cve-0000-00000 remote security", 3], ["cve-0000-00000 remote security bypass", 3], ["remote security bypass vulnerability", 3], [": mac", 3], [" both", 3], ["both affected", 3], ["by big", 3], ["big chip", 3], ["and both", 3], [" both affected", 3], ["both affected by", 3], ["affected by big", 3], ["by big chip", 3], ["mac and both", 3], ["and both affected", 3], [" both affected by", 3], ["both affected by big", 3], ["affected by big chip", 3], ["#bitcoin ", 3], ["a path", 3], ["path traversal", 3], [" html", 3], ["html publisher", 3], ["and older", 3], ["older in", 3], ["a path traversal", 3], ["path traversal vulnerability", 3], ["traversal vulnerability exists", 3], ["in html", 3], ["and older in", 3], ["a path traversal vulnerability", 3], ["path traversal vulnerability exists", 3], ["traversal vulnerability exists in", 3], ["exists in html", 3], ["google and", 3], ["a serious security", 3], ["serious security vulnerability", 3], ["a serious security vulnerability", 3], ["bypass vulnerability [", 3], ["#cisco drops a mega-vulnerability", 3], ["ddos attack .", 3], ["a ddos attack .", 3], [" camera", 3], ["in camera", 3], ["i liked", 3], ["liked a", 3], ["a @youtube", 3], ["@youtube video", 3], ["i liked a", 3], ["liked a @youtube", 3], ["a @youtube video", 3], ["i liked a @youtube", 3], ["liked a @youtube video", 3], ["be aware", 3], ["aware of", 3], ["is currently", 3], ["no patch", 3], ["on devices .", 3], ["serious vulnerability has", 3], ["another vulnerability", 3], [". supported", 3], ["rdp vulnerability", 3], ["almost all", 3], [" on", 3], ["allow hackers", 3], ["allow hackers to", 3], ["hackers to steal", 3], ["it on", 3], ["0000 -", 3], ["by ddos", 3], ["apps for", 3], ["meltdown and", 3], ["and spectre", 3], ["meltdown and spectre", 3], ["access to ", 3], [" epolicy", 3], ["orchestrator (", 3], ["( epo", 3], ["epo )", 3], ["in epolicy", 3], ["epolicy orchestrator (", 3], ["orchestrator ( epo", 3], ["( epo )", 3], ["vulnerability in epolicy", 3], ["epolicy orchestrator ( epo", 3], ["orchestrator ( epo )", 3], ["flash player", 3], ["zero-day vulnerability in ", 3], ["clearpass policy", 3], ["policy manager", 3], [" clearpass policy", 3], ["clearpass policy manager", 3], [" clearpass policy manager", 3], [" discovered", 3], ["html page", 3], ["the financial", 3], ["in the financial", 3], ["the financial services", 3], [" mysql server", 3], ["service vulnerability )", 3], ["of service vulnerability )", 3], [", and other", 3], ["via @youtube", 3], ["script vulnerability exposes", 3], ["apps script vulnerability exposes", 3], ["severe electron", 3], ["electron framework", 3], ["framework vulnerability", 3], ["impacts apps", 3], ["apps like", 3], ["severe electron framework", 3], ["electron framework vulnerability", 3], ["framework vulnerability impacts", 3], ["vulnerability impacts apps", 3], ["impacts apps like", 3], ["apps like ", 3], ["severe electron framework vulnerability", 3], ["electron framework vulnerability impacts", 3], ["framework vulnerability impacts apps", 3], ["vulnerability impacts apps like", 3], ["impacts apps like ", 3], [" ...", 3], ["the door", 3], ["has a vulnerability", 3], ["a newly", 3], ["discovered security", 3], ["a newly discovered", 3], ["newly discovered security", 3], ["discovered security vulnerability", 3], ["a newly discovered security", 3], ["newly discovered security vulnerability", 3], ["via memcached", 3], ["memcached servers", 3], ["ddos attacks via", 3], ["attacks via memcached", 3], ["via memcached servers", 3], ["nra suffered ddos attacks", 3], ["suffered ddos attacks via", 3], ["ddos attacks via memcached", 3], ["attacks via memcached servers", 3], ["inbox spoofing", 3], [" inbox spoofing", 3], ["inbox spoofing vulnerability", 3], [" inbox spoofing vulnerability", 3], ["the recent", 3], [" devices ,", 3], ["to 's", 3], ["devices |", 3], [" devices |", 3], [": apps", 3], ["script vulnerability could", 3], [": apps script", 3], ["apps script vulnerability could", 3], ["remote root", 3], ["root code", 3], ["serious vulnerability in", 3], ["firewalls remote root", 3], ["remote root code", 3], ["root code execution", 3], [" firewalls remote root", 3], ["firewalls remote root code", 3], ["remote root code execution", 3], ["appears to", 3], ["the mysql", 3], ["server component", 3], ["mysql (", 3], ["in the mysql", 3], ["the mysql server", 3], ["mysql server component", 3], ["server component of", 3], ["of mysql", 3], [" mysql (", 3], ["vulnerability in the mysql", 3], ["in the mysql server", 3], ["the mysql server component", 3], ["mysql server component of", 3], ["server component of ", 3], ["component of mysql", 3], ["of mysql (", 3], ["pointer dereference", 3], ["vulnerability through", 3], ["news update", 3], ["news update :", 3], ["protonvpn 0.0", 3], ["0 for", 3], [" suffers", 3], ["protonvpn 0.0 .", 3], [". 0 for", 3], ["0 for ", 3], ["for suffers", 3], [" suffers from", 3], ["from a system", 3], ["a system privilege", 3], ["protonvpn 0.0 . 0", 3], ["0.0 . 0 for", 3], [". 0 for ", 3], ["0 for suffers", 3], ["for suffers from", 3], [" suffers from a", 3], ["suffers from a system", 3], ["from a system privilege", 3], ["a system privilege escalation", 3], ["security feature", 3], [": 00server", 3], ["threatmeter : 00server", 3], [": 00server 0000", 3], ["vulnerability classified as problematic", 3], ["desktop protocol", 3], ["cve-0000-0000 denial", 3], ["remote desktop protocol", 3], ["cve-0000-0000 denial of", 3], ["cve-0000-0000 denial of service", 3], ["attack that", 3], [": google", 3], ["google chrome", 3], [": android up", 3], ["about ", 3], [" site scripting :", 3], ["the #meltdown", 3], ["#meltdown vulnerability", 3], ["the #meltdown vulnerability", 3], ["mac os", 3], ["mac os vulnerability", 3], ["risk of hacking", 3], ["hacking to ", 3], ["mac os vulnerability posed", 3], ["posed risk of hacking", 3], ["risk of hacking to", 3], ["of hacking to ", 3], ["hacking to users", 3], ["blog post", 3], ["ddos attacks ,", 3], [": won't", 3], [": won't patch", 3], ["na -", 3], ["na - cve-0000-0000", 3], ["- cve-0000-0000 -", 3], ["cve-0000-0000 - ", 3], ["na - cve-0000-0000 -", 3], [" home", 3], [": prior", 3], ["threatmeter : prior", 3], [": prior 00.0", 3], ["edge browser", 3], ["details of a", 3], ["to malicious", 3], ["malicious websites", 3], ["users to malicious", 3], ["that are", 3], ["researcher has", 3], ["disclosed a", 3], ["#security vulnerability", 3], ["issues alert", 3], [", urges", 3], ["to move", 3], ["move funds", 3], ["issues alert on", 3], ["alert on ", 3], ["on app", 3], ["app vulnerability ,", 3], ["vulnerability , urges", 3], [", urges users", 3], ["users to move", 3], ["to move funds", 3], ["issues alert on ", 3], ["alert on app", 3], ["on app vulnerability", 3], [" app vulnerability ,", 3], ["app vulnerability , urges", 3], ["vulnerability , urges users", 3], [", urges users to", 3], ["urges users to move", 3], ["users to move funds", 3], [" maps", 3], ["it 's", 3], ["execute code", 3], ["bulletin : vulnerability", 3], ["security bulletin : vulnerability", 3], ["bulletin : vulnerability in", 3], ["#vulnerability that", 3], ["severe vulnerability", 3], ["vulnerability in all", 3], ["in all ", 3], ["in all devices", 3], [" threat", 3], [", signal", 3], ["signal ,", 3], [", slack", 3], [", signal ,", 3], ["made public", 3], ["a patch", 3], ["password manager", 3], ["to be a", 3], ["the nvd", 3], ["nvd :", 3], ["an elevation", 3], ["elevation of", 3], ["of privilege", 3], ["new vulnerability on", 3], ["on the nvd", 3], ["the nvd :", 3], ["an elevation of", 3], ["elevation of privilege", 3], ["of privilege vulnerability", 3], ["new vulnerability on the", 3], ["vulnerability on the nvd", 3], ["on the nvd :", 3], ["an elevation of privilege", 3], ["elevation of privilege vulnerability", 3], ["#meltdown #spectre", 3], ["code for", 3], ["scripting engine", 3], ["engine vulnerability", 3], [") in", 3], ["cve-0000-0000 ) in", 3], [") in ", 3], ["( cve-0000-0000 ) in", 3], ["cve-0000-0000 ) in ", 3], ["to know about", 3], ["you need to know", 3], ["need to know about", 3], ["by @darkreading", 3], ["@darkreading #darkreading", 3], [": by @darkreading", 3], ["by @darkreading #darkreading", 3], ["@koddoscom : by @darkreading", 3], [": by @darkreading #darkreading", 3], ["zero has", 3], ["has made", 3], ["project zero has", 3], ["zero has made", 3], ["google project zero has", 3], ["project zero has made", 3], ["driver privilege", 3], ["driver privilege escalation", 3], ["driver privilege escalation vulnerability", 3], ["escalation vulnerability ) has", 3], ["vulnerability ) has bee", 3], ["and more", 3], ["and asia", 3], ["asia take", 3], [" and asia", 3], ["and asia take", 3], ["asia take on", 3], [" and asia take", 3], ["and asia take on", 3], ["asia take on more", 3], ["contains a vulnerability", 3], ["contains a vulnerability in", 3], ["heap-based memory", 3], ["heap-based memory corruption", 3], ["heap-based memory corruption :", 3], ["\" vulnerability", 3], ["meltdown patch", 3], [": security", 3], [" client", 3], ["escalation vulnerability-microsoft windows is", 3], ["windows is prone to", 3], ["is prone to a", 3], ["this is", 3], ["servers linked", 3], ["financial network", 3], ["servers linked to", 3], ["on financial", 3], [" financial network", 3], ["attack on financial", 3], ["on financial network", 3], ["driver contains", 3], ["vulnerability due", 3], ["driver contains a", 3], ["vulnerability due to", 3], ["here 's", 3], ["office vulnerability", 3], [" office vulnerability", 3], ["version 0", 3], ["about it", 3], ["( cve-0000-00000", 3], ["cve-0000-00000 )", 3], ["( cve-0000-00000 )", 3], ["#0daytoday ", 3], [": #0daytoday ", 3], ["vulnerability in ,", 3], ["in (", 3], ["discovered a vulnerability in", 3], ["graphics component", 3], ["disclosure (", 3], ["information disclosure (", 3], ["may be", 3], ["integer overflow", 3], ["overflow memory", 3], ["android (", 3], ["integer overflow memory", 3], ["overflow memory corruption", 3], ["google android (", 3], ["android ( the", 3], ["integer overflow memory corruption", 3], ["overflow memory corruption :", 3], ["in google android (", 3], ["google android ( the", 3], ["security alert", 3], ["android nvidia", 3], [" android nvidia", 3], [": #ddos", 3], [" security", 3], ["cve-0000-0000 ", 3], ["to gain", 3], ["control of", 3], ["on live", 3], ["has discovered", 3], ["all mac", 3], ["#ddos attack on ", 3], ["could have", 3], ["kernel information", 3], ["kernel information disclosure", 3], ["one of", 3], ["zero-day ", 3], ["vulnerability discovered in", 3], ["plugin cve-0000-0000000", 3], ["a high severity vulnerability", 3], ["disclosure vulnerability-microsoft", 3], ["information disclosure vulnerability-microsoft", 3], ["an information", 3], ["exists when", 3], ["an information disclosure", 3], ["vulnerability exists when", 3], ["an information disclosure vulnerability", 3], ["server ,", 3], [" internet graphics", 3], ["graphics server ,", 3], ["server , 0.00", 3], [" internet graphics server", 3], ["internet graphics server ,", 3], ["graphics server , 0.00", 3], ["server , 0.00 ,", 3], ["bleeping computer", 3], ["computer |", 3], ["\" vulnerability", 3], ["devices \"", 3], ["bleeping computer |", 3], ["computer | \"", 3], ["bleeping computer | \"", 3], [": #vuln", 3], [": #vuln :", 3], [": #vuln : ", 3], ["the cpu", 3], [" pan-os", 3], [": pan-os", 3], ["time for", 3], ["android vulnerability", 3], ["a ", 3], ["do you", 3], ["#ddos attacks are", 3], [" outlook", 3], ["in outlook", 3], ["spoofing vulnerability )", 3], ["did it", 3], ["family for", 3], ["cve-0000-00000 local", 3], ["thehackersnews \"", 3], ["rt thehackersnews \"", 3], ["severe '", 3], ["' vulnerability", 3], ["a severe '", 3], ["patch a severe '", 3], ["attacks are now", 3], ["amazon , and", 3], ["attacks are now targeting", 3], ["targeting , amazon", 3], [", amazon , and", 3], ["amazon , and the", 3], [": skia", 3], ["@hosselot : skia", 3], ["overflow vulnerability ( cve-0000-0000)", 3], ["playstation &", 3], ["& nra", 3], [" , playstation", 3], [", playstation &", 3], ["playstation & nra", 3], ["& nra suffered", 3], [" , playstation &", 3], [", playstation & nra", 3], ["playstation & nra suffered", 3], ["& nra suffered ddos", 3], ["dos attack", 3], ["is a dos", 3], ["a dos attack", 3], ["dos attack vulnerability", 3], ["there is a dos", 3], ["is a dos attack", 3], ["a dos attack vulnerability", 3], ["dos attack vulnerability in", 3], ["attack vulnerability in ", 3], ["microsoft edge vulnerability", 3], ["office for", 3], ["mac cve-0000-0000", 3], ["cve-0000-0000 spoofing", 3], [" office for", 3], ["office for mac", 3], ["for mac cve-0000-0000", 3], ["mac cve-0000-0000 spoofing", 3], ["cve-0000-0000 spoofing vulnerability", 3], [" office for mac", 3], ["office for mac cve-0000-0000", 3], ["for mac cve-0000-0000 spoofing", 3], ["mac cve-0000-0000 spoofing vulnerability", 3], ["devices [", 3], ["[ updated", 3], ["updated ]", 3], [" devices [", 3], ["devices [ updated", 3], ["[ updated ]", 3], ["for devices [", 3], [" devices [ updated", 3], ["devices [ updated ]", 3], ["down ", 3], ["yet another password", 3], ["yet another password vulnerability", 3], ["when ", 3], [" urges", 3], ["vulnerability in devices", 3], ["android linux", 3], [" android linux", 3], ["android linux kernel", 3], [" android linux kernel", 3], ["vulnerability ...", 3], ["00 ,", 3], [", 0000", 3], ["users '", 3], ["' ", 3], ["an attacker", 3], ["android 0.0", 3], [" android 0.0", 3], ["android 0.0 ", 3], [" android 0.0 ", 3], ["android 0.0 0.0", 3], [" 0.0 . 0", 3], ["in that", 3], [" )", 3], [" visual", 3], ["studio information", 3], [" visual studio", 3], ["visual studio information", 3], ["studio information disclosure", 3], [" visual studio information", 3], ["visual studio information disclosure", 3], ["studio information disclosure vulnerability", 3], ["processing code", 3], ["iphone and", 3], ["read information", 3], ["out-of-bounds read information", 3], ["read information disclosure", 3], ["out-of-bounds read information disclosure", 3], ["read information disclosure vulnerability", 3], ["the affected", 3], ["( the affected", 3], ["today 's", 3], [" office 0000", 3], ["cve-0000-0000 information", 3], ["cve-0000-0000 information disclosure", 3], ["0.00 , 0.00 ,", 3], ["the ddos", 3], [": cve-0000-0000 :", 3], ["new ios", 3], ["| ars", 3], ["#infosec #cybersecurity", 3], ["| ars technica", 3], [" unified", 3], ["unified communications", 3], [" unified communications", 3], ["details of an", 3], ["the details of an", 3], ["execution #vulnerability", 3], ["code execution #vulnerability", 3], ["discovered in 's", 3], ["across ", 3], ["which is", 3], ["() denial", 3], ["() denial of", 3], ["() denial of service", 3], ["se ,", 3], ["the java se", 3], ["java se ,", 3], ["in the java se", 3], ["the java se ,", 3], [" ( subcomponent :", 3], [" to", 3], ["a vulnerability in its", 3], ["processor vulnerability", 3], ["any ", 3], ["type confusion", 3], ["| \" ", 3], ["bitcoin developers", 3], ["bitcoin developers address", 3], ["[ remote", 3], ["'s tegra", 3], [". 0 and", 3], ["0.0 . 0 and", 3], ["new cpu", 3], ["a new cpu", 3], ["[ cve-0000-0000", 3], ["cve-0000-0000 ]", 3], ["[ cve-0000-0000 ]", 3], ["devices -", 3], [" devices -", 3], ["after ", 3], ["[ cve-0000-00000]", 3], ["cve-0000-00000] :", 3], ["[ cve-0000-00000] :", 3], ["cve-0000-00000] : a", 3], ["[ cve-0000-00000] : a", 3], ["cve-0000-00000] : a vulnerability", 3], ["and products", 3], [" updater", 3], ["updater for", 3], ["for macos", 3], ["macos cve-0000-0000", 3], [": updater", 3], [" updater for", 3], ["updater for macos", 3], ["for macos cve-0000-0000", 3], ["macos cve-0000-0000 local", 3], [": updater for", 3], [" updater for macos", 3], ["updater for macos cve-0000-0000", 3], ["for macos cve-0000-0000 local", 3], ["macos cve-0000-0000 local privilege", 3], ["to change", 3], ["android camera", 3], ["camera driver", 3], [" android camera", 3], ["android camera driver", 3], [" android camera driver", 3], ["to hack", 3], ["a massive", 3], ["suite and", 2], ["must know", 2], ["g suite and", 2], ["suite and chrome", 2], [", g suite and", 2], ["g suite and chrome", 2], ["jailed for #ddos", 2], ["#ddos attacks against", 2], ["jailed for #ddos attacks", 2], ["for #ddos attacks against", 2], ["looks like", 2], ["? ", 2], ["i know", 2], ["twitter ,", 2], [", in", 2], [" preparing", 2], ["preparing spectre", 2], ["vulnerability patch", 2], ["for its", 2], ["its shield", 2], ["shield tablet", 2], [" preparing spectre", 2], ["preparing spectre vulnerability", 2], ["spectre vulnerability patch", 2], ["vulnerability patch for", 2], ["patch for its", 2], ["for its shield", 2], ["its shield tablet", 2], [" preparing spectre vulnerability", 2], ["preparing spectre vulnerability patch", 2], ["spectre vulnerability patch for", 2], ["vulnerability patch for its", 2], ["patch for its shield", 2], ["for its shield tablet", 2], [": xbox", 2], ["xbox live", 2], ["live outage", 2], ["outage +", 2], ["+ diablo", 2], ["switch ?", 2], ["+ biggest", 2], ["biggest ddos", 2], ["attack ever", 2], [": xbox live", 2], ["xbox live outage", 2], ["live outage +", 2], ["outage + diablo", 2], ["+ biggest ddos", 2], ["biggest ddos attack", 2], ["ddos attack ever", 2], [": xbox live outage", 2], ["xbox live outage +", 2], ["live outage + diablo", 2], ["+ biggest ddos attack", 2], ["biggest ddos attack ever", 2], [": financial", 2], [". 0 .", 2], [": financial services", 2], ["0.0 . 0 .", 2], ["products cve-0000-0000", 2], ["vulnerability-multiple ", 2], ["products are", 2], ["are prone", 2], ["cve-0000-0000 remote security", 2], ["vulnerability-multiple products", 2], [" products are", 2], ["products are prone", 2], ["are prone to", 2], ["to a remote", 2], ["vulnerability-multiple products are", 2], [" products are prone", 2], ["products are prone to", 2], ["prone to a remote", 2], ["\" rt", 2], [": adobe", 2], ["adobe security", 2], ["bulletin : a", 2], ["security bulletin : a", 2], ["vulnerability leaves", 2], ["open to", 2], ["to attack", 2], [" switch vulnerability", 2], ["open to attack", 2], ["00 s", 2], ["'s windows 00", 2], ["windows 00 s", 2], ["in 's windows", 2], [" 's windows 00", 2], ["automation commgr", 2], ["commgr cve-0000-00000", 2], ["cve-0000-00000 stack", 2], ["industrial automation commgr", 2], ["automation commgr cve-0000-00000", 2], ["commgr cve-0000-00000 stack", 2], ["cve-0000-00000 stack based", 2], [" industrial automation commgr", 2], ["industrial automation commgr cve-0000-00000", 2], ["automation commgr cve-0000-00000 stack", 2], ["commgr cve-0000-00000 stack based", 2], ["cve-0000-00000 stack based buffer", 2], ["crash denial", 2], ["in https:t.co", 2], ["crash denial of", 2], ["found in https:t.co", 2], ["crash denial of service", 2], ["malware targeting", 2], ["but the", 2], ["office vulnerabilities", 2], ["vulnerabilities to", 2], ["#vulnerability #infosec", 2], ["exploit office", 2], [" office vulnerabilities", 2], ["office vulnerabilities to", 2], [" office vulnerabilities to", 2], ["dos ]", 2], [": [ dos", 2], ["[ dos ]", 2], ["dos ] ", 2], ["#security : [ dos", 2], [": [ dos ]", 2], ["[ dos ] ", 2], [": cve-0000-00000 information", 2], ["cve-0000-00000 information disclosure vulnerability", 2], ["engine (", 2], ["in malware", 2], ["protection engine (", 2], ["vulnerability in malware", 2], ["in malware protection", 2], ["malware protection engine (", 2], ["including ", 2], ["0000 storage", 2], ["storage services", 2], ["services memory", 2], ["00server 0000 storage", 2], ["0000 storage services", 2], ["storage services memory", 2], ["services memory corruption", 2], ["found in microsoft", 2], [" 00server 0000 storage", 2], ["00server 0000 storage services", 2], ["0000 storage services memory", 2], ["storage services memory corruption", 2], ["services memory corruption :", 2], ["was found in microsoft", 2], ["source of", 2], ["of this", 2], ["is the", 2], ["which allows", 2], ["of this vulnerability", 2], [", which allows", 2], ["device is", 2], ["is susceptible", 2], ["susceptible to", 2], ["a hardware", 2], ["vulnerability called", 2], ["called rampage", 2], [" device is", 2], ["device is susceptible", 2], ["is susceptible to", 2], ["susceptible to a", 2], ["to a hardware", 2], ["a hardware vulnerability", 2], ["hardware vulnerability called", 2], ["vulnerability called rampage", 2], ["every device is", 2], [" device is susceptible", 2], ["device is susceptible to", 2], ["is susceptible to a", 2], ["susceptible to a hardware", 2], ["to a hardware vulnerability", 2], ["a hardware vulnerability called", 2], ["hardware vulnerability called rampage", 2], ["recently discovered", 2], ["more info", 2], ["amazon , ", 2], [", &", 2], ["amazon , &", 2], ["i found", 2], ["an xss", 2], ["- by", 2], ["an xss vulnerability", 2], ["in ?", 2], ["on cyber", 2], ["cyber security", 2], ["security and", 2], [": 00%", 2], [" struts", 2], [": 00% of", 2], [" identity", 2], ["management cve-0000-0000", 2], ["entity injection", 2], [" identity management", 2], ["identity management cve-0000-0000", 2], ["management cve-0000-0000 xml", 2], ["external entity injection", 2], [" identity management cve-0000-0000", 2], ["identity management cve-0000-0000 xml", 2], ["management cve-0000-0000 xml external", 2], ["xml external entity injection", 2], ["-- a", 2], ["a windows", 2], ["security firm", 2], ["firm votiro", 2], ["votiro claims", 2], ["claims crypto", 2], ["crypto mining", 2], ["security firm votiro", 2], ["firm votiro claims", 2], ["votiro claims crypto", 2], ["claims crypto mining", 2], ["crypto mining vulnerability", 2], ["mining vulnerability in", 2], ["in word", 2], ["security firm votiro claims", 2], ["firm votiro claims crypto", 2], ["votiro claims crypto mining", 2], ["claims crypto mining vulnerability", 2], ["crypto mining vulnerability in", 2], ["mining vulnerability in ", 2], ["vulnerability in word", 2], ["researcher discovered", 2], ["memory leak", 2], ["leak denial", 2], ["memory leak denial", 2], ["leak denial of", 2], ["memory leak denial of", 2], ["leak denial of service", 2], ["android media", 2], ["android media framework", 2], ["on their", 2], ["by the", 2], ["such as ", 2], ["due to ddos", 2], ["to ddos attacks", 2], ["0.00 . 0", 2], ["sql injection vulnerability in", 2], ["just ddos", 2], ["you .", 2], [" just ddos", 2], ["against the", 2], [". why", 2], ["a ddos against", 2], ["against the ", 2], [" forms", 2], ["server-side request", 2], ["( ssrf", 2], ["ssrf )", 2], ["server-side request forgery", 2], ["forgery ( ssrf", 2], ["( ssrf )", 2], ["request forgery ( ssrf", 2], ["forgery ( ssrf )", 2], ["psa :", 2], [": update", 2], ["update your", 2], [" password", 2], [". there was", 2], ["was a vulnerability", 2], [". there was a", 2], ["there was a vulnerability", 2], ["steal data", 2], ["attackers to steal", 2], ["to steal data", 2], ["vulnerability in remote", 2], ["allows attackers to steal", 2], [" named", 2], ["named pipe", 2], ["pipe file", 2], ["file system", 2], [" named pipe", 2], ["named pipe file", 2], ["pipe file system", 2], [" named pipe file", 2], ["named pipe file system", 2], ["discovered by", 2], ["the security", 2], ["vulnerability discovered by", 2], ["released since", 2], ["vulnerability #android", 2], ["released since 0000", 2], [" after", 2], ["versions 0.00", 2], [". 0-", 2], ["0- 0.000", 2], ["0.000 .", 2], ["the garden-linux", 2], [" versions 0.00", 2], ["versions 0.00 .", 2], ["0.00 . 0-", 2], [". 0- 0.000", 2], ["0- 0.000 .", 2], ["0.000 . 0", 2], [", a vulnerability", 2], ["discovered in the", 2], ["in the garden-linux", 2], ["in versions 0.00", 2], [" versions 0.00 .", 2], ["versions 0.00 . 0-", 2], ["0.00 . 0- 0.000", 2], [". 0- 0.000 .", 2], ["0- 0.000 . 0", 2], ["0.000 . 0 ,", 2], ["0 , a vulnerability", 2], [", a vulnerability has", 2], ["been discovered in the", 2], ["discovered in the garden-linux", 2], ["attack from", 2], ["ddos attack from", 2], [", could", 2], ["attacks with", 2], ["ddos attacks with", 2], ["attacks with ", 2], ["ddos attacks with ", 2], [": ibm", 2], ["cross site scripting :", 2], ["a reflected", 2], ["reflected cross", 2], ["a reflected cross", 2], ["reflected cross site", 2], ["a reflected cross site", 2], ["reflected cross site scripting", 2], ["site scripting vulnerability in", 2], ["scripting vulnerability in hpe", 2], ["in servers", 2], ["vulnerability in servers", 2], ["deserialization :", 2], ["this metasploit", 2], ["metasploit module", 2], ["module exploits", 2], ["deserialization : this", 2], [": this metasploit", 2], ["this metasploit module", 2], ["metasploit module exploits", 2], ["deserialization : this metasploit", 2], [": this metasploit module", 2], ["this metasploit module exploits", 2], ["execution #security", 2], ["code execution #security", 2], ["for code execution #security", 2], ["cve-0000-00000 (", 2], [": an", 2], ["service vulnerability in", 2], ["the framework", 2], [" framework (", 2], ["of service vulnerability in", 2], ["in the framework", 2], ["the framework (", 2], [" with a", 2], [" with a ddos", 2], ["( ddos", 2], ["ddos )", 2], ["attack is", 2], ["is still", 2], ["of service (", 2], ["service ( ddos", 2], ["( ddos )", 2], ["denial of service (", 2], ["of service ( ddos", 2], ["service ( ddos )", 2], ["memory access", 2], ["to hackers", 2], ["microsoft has", 2], ["to address", 2], ["with widespread", 2], ["widespread computer-chip", 2], ["computer-chip vulnerability", 2], ["with widespread computer-chip", 2], ["widespread computer-chip vulnerability", 2], ["with widespread computer-chip vulnerability", 2], ["seven effects", 2], ["effects of", 2], ["seven effects of", 2], ["effects of #ddos", 2], ["on environments", 2], ["seven effects of #ddos", 2], ["effects of #ddos attacks", 2], ["attacks on environments", 2], ["entity (", 2], ["external entity (", 2], ["entity ( xxe", 2], ["xml external entity (", 2], ["external entity ( xxe", 2], ["entity ( xxe )", 2], ["vulnerability in focus", 2], ["its ", 2], ["and ddos", 2], ["threatmeter : a", 2], ["in could", 2], [" could allow", 2], ["for arbitrary code", 2], ["threatmeter : a vulnerability", 2], ["vulnerability in could", 2], ["in could allow", 2], [" could allow for", 2], ["allow for arbitrary code", 2], ["for arbitrary code execution", 2], ["#news :", 2], ["the third", 2], ["third time", 2], ["time in", 2], ["months ,", 2], ["for the third", 2], ["the third time", 2], ["third time in", 2], ["for the third time", 2], ["the third time in", 2], [" networks", 2], ["networks pan-os", 2], ["web management", 2], [" networks pan-os", 2], ["zero discloses", 2], ["' important", 2], ["important '", 2], ["project zero discloses", 2], ["' important '", 2], ["security vulnerability in windows", 2], ["vulnerability in windows 00", 2], ["how to ddos", 2], ["of information", 2], ["to inject", 2], ["vulnerability allows attackers", 2], ["attackers to inject", 2], ["vulnerability allows attackers to", 2], ["allows attackers to inject", 2], ["#vulnerability (", 2], ["earlier versions", 2], ["versions .", 2], ["critical #vulnerability (", 2], ["#vulnerability ( cve-0000-0000", 2], ["and earlier versions", 2], ["earlier versions .", 2], ["a critical #vulnerability (", 2], ["critical #vulnerability ( cve-0000-0000", 2], ["#vulnerability ( cve-0000-0000 )", 2], ["0.000 and earlier versions", 2], ["and earlier versions .", 2], [", including", 2], ["rampage ,", 2], ["affecting all", 2], [" devices that", 2], [": report", 2], ["internet of", 2], ["of things", 2], ["internet of things", 2], ["vulnerability disclosure", 2], ["led to", 2], ["critical flaw", 2], ["microsoft ,", 2], [" respond", 2], ["respond to", 2], ["to intel", 2], ["intel chip", 2], ["and respond", 2], [" respond to", 2], ["respond to intel", 2], ["to intel chip", 2], ["intel chip vulnerability", 2], ["and respond to", 2], [" respond to intel", 2], ["respond to intel chip", 2], ["to intel chip vulnerability", 2], ["apple :", 2], [": mac and", 2], ["big chip vulnerability", 2], [": mac and ", 2], ["by big chip vulnerability", 2], ["server side", 2], ["chaios vulnerability", 2], ["can block", 2], ["block ", 2], ["'s messaging", 2], ["messaging ,", 2], [", freeze", 2], ["freeze devices", 2], ["chaios vulnerability can", 2], ["vulnerability can block", 2], ["can block ", 2], ["block 's", 2], [" 's messaging", 2], ["'s messaging ,", 2], ["messaging , freeze", 2], [", freeze devices", 2], ["chaios vulnerability can block", 2], ["vulnerability can block ", 2], ["can block 's", 2], ["block 's messaging", 2], [" 's messaging ,", 2], ["'s messaging , freeze", 2], ["messaging , freeze devices", 2], ["#bitcoin developers", 2], ["#bitcoin developers address", 2], ["a significant", 2], ["significant security", 2], ["significant security vulnerability", 2], [": researchers", 2], ["at symantec", 2], [": researchers at", 2], ["researchers at symantec", 2], ["cve-0000-0000000 -", 2], ["0.00 and", 2], [" html publisher", 2], ["html publisher plugin", 2], ["publisher plugin 0.00", 2], ["plugin 0.00 and", 2], ["0.00 and older", 2], ["in html publisher", 2], [" html publisher plugin", 2], ["html publisher plugin 0.00", 2], ["publisher plugin 0.00 and", 2], ["plugin 0.00 and older", 2], ["0.00 and older in", 2], [" researchers", 2], ["have disclosed", 2], ["in many", 2], ["in many ", 2], ["here is", 2], ["microsoft won't", 2], ["fix it", 2], ["has a serious", 2], ["kernel cve-0000-00000", 2], ["cve-0000-00000 authentication", 2], [" kernel cve-0000-00000", 2], ["kernel cve-0000-00000 authentication", 2], ["cve-0000-00000 authentication bypass", 2], [" kernel cve-0000-00000 authentication", 2], ["kernel cve-0000-00000 authentication bypass", 2], ["cve-0000-00000 authentication bypass vulnerability", 2], ["authentication bypass vulnerability [", 2], [" claims", 2], ["hackers are", 2], ["trying to", 2], [": claims", 2], ["hit with", 2], ["and are", 2], ["0.0 an", 2], ["exploitable vulnerability", 2], ["with -", 2], [" - score", 2], [": 0.0 an", 2], [" - score :", 2], ["score : 0.0 an", 2], ["#news ", 2], ["iis group", 2], ["group ", 2], [" panel", 2], ["panel bypass", 2], ["bypass and", 2], ["and sql", 2], ["sql i\u0307njection", 2], ["i\u0307njection vulnerability", 2], ["iis group ", 2], ["group panel", 2], [" panel bypass", 2], ["panel bypass and", 2], ["bypass and sql", 2], ["and sql i\u0307njection", 2], ["sql i\u0307njection vulnerability", 2], ["iis group panel", 2], ["group panel bypass", 2], [" panel bypass and", 2], ["panel bypass and sql", 2], ["bypass and sql i\u0307njection", 2], ["and sql i\u0307njection vulnerability", 2], ["released an", 2], [" has released", 2], ["critical vulnerability in the", 2], ["could be exploited to", 2], [" gets", 2], ["gets massive", 2], ["massive ddos", 2], ["round 0", 2], ["- #opstoptheun", 2], ["#opstoptheun vs", 2], [" gets massive", 2], ["- #opstoptheun vs", 2], [". what", 2], [": vulnerability affects", 2], ["to be aware", 2], ["be aware of", 2], [": vulnerability affects hundreds", 2], ["of devices .", 2], ["vulnerability on devices", 2], ["major security", 2], ["discovered vulnerability", 2], ["in intel", 2], [": a serious", 2], [": a serious vulnerability", 2], ["a serious vulnerability has", 2], ["the way", 2], ["in the way", 2], ["java vm", 2], ["vm component", 2], ["supported versions", 2], ["the java vm", 2], ["java vm component", 2], ["vm component of", 2], [" . supported", 2], [". supported versions", 2], ["in the java vm", 2], ["the java vm component", 2], ["java vm component of", 2], ["vm component of ", 2], ["of . supported", 2], [" . supported versions", 2], ["microsoft patches", 2], ["patches rdp", 2], [". update", 2], ["update now", 2], ["part of", 2], ["microsoft patches rdp", 2], ["patches rdp vulnerability", 2], ["rdp vulnerability .", 2], ["vulnerability . update", 2], [". update now", 2], ["microsoft patches rdp vulnerability", 2], ["patches rdp vulnerability .", 2], ["rdp vulnerability . update", 2], ["vulnerability . update now", 2], ["vulnerable to a", 2], ["like to", 2], ["and the vulnerability", 2], ["steal ", 2], ["to steal ", 2], ["which chromebooks", 2], ["chromebooks are", 2], ["showing which chromebooks", 2], ["which chromebooks are", 2], ["chromebooks are vulnerable", 2], ["list showing which chromebooks", 2], ["showing which chromebooks are", 2], ["which chromebooks are vulnerable", 2], ["chromebooks are vulnerable to", 2], [" play", 2], ["found a security", 2], ["found a security vulnerability", 2], ["hit by ddos", 2], ["url-based threats", 2], ["threats to", 2], ["are a", 2], ["vulnerability minefield", 2], ["apps for ", 2], ["for are", 2], [" are a", 2], ["are a security", 2], ["security vulnerability minefield", 2], ["apps for are", 2], ["for are a", 2], [" are a security", 2], ["are a security vulnerability", 2], ["a security vulnerability minefield", 2], ["were not", 2], ["- os", 2], ["os command", 2], [". ...", 2], ["cve-0000-0000 - os", 2], ["- os command", 2], ["os command injection", 2], [" epolicy orchestrator", 2], ["epo ) 0.0", 2], ["cve-0000-0000 - os command", 2], ["- os command injection", 2], ["os command injection vulnerability", 2], ["command injection vulnerability in", 2], ["in epolicy orchestrator", 2], [" epolicy orchestrator (", 2], ["( epo ) 0.0", 2], ["epo ) 0.0 .", 2], [" landscape", 2], ["landscape management", 2], ["management information", 2], [": landscape", 2], [" landscape management", 2], ["landscape management information", 2], ["management information disclosure", 2], ["vuln : landscape", 2], [": landscape management", 2], [" landscape management information", 2], ["landscape management information disclosure", 2], ["management information disclosure vulnerability", 2], ["increasingly sophisticated", 2], ["hacking group", 2], ["a zero-day vulnerability in", 2], ["manager version", 2], ["version 0.0", 2], ["policy manager version", 2], ["manager version 0.0", 2], ["version 0.0 .", 2], ["hpe clearpass policy", 2], ["clearpass policy manager version", 2], ["policy manager version 0.0", 2], ["manager version 0.0 .", 2], ["version 0.0 . x", 2], ["the mailer", 2], ["mailer plugin", 2], ["0.00 for", 2], ["allows r", 2], ["cve-0000-0000 cross-site request", 2], ["in the mailer", 2], ["the mailer plugin", 2], ["mailer plugin 0.00", 2], ["plugin 0.00 for", 2], ["0.00 for ", 2], ["for allows", 2], ["cve-0000-0000 cross-site request forgery", 2], ["vulnerability in the mailer", 2], ["in the mailer plugin", 2], ["the mailer plugin 0.00", 2], ["mailer plugin 0.00 for", 2], ["plugin 0.00 for ", 2], ["discovered the", 2], ["last year", 2], ["year ,", 2], [" discovered the", 2], ["last year ,", 2], ["contain a", 2], ["to manage", 2], [" software", 2], ["0000.00 webaudio", 2], ["webaudio html", 2], ["page use-after-free", 2], [". 0000.00 webaudio", 2], ["0000.00 webaudio html", 2], ["webaudio html page", 2], ["html page use-after-free", 2], ["page use-after-free memory", 2], ["00.0 . 0000.00 webaudio", 2], [". 0000.00 webaudio html", 2], ["0000.00 webaudio html page", 2], ["webaudio html page use-after-free", 2], ["html page use-after-free memory", 2], ["page use-after-free memory corruption", 2], ["vulnerability in tegra", 2], ["r0 sp0", 2], ["font engine", 2], ["( mysql", 2], ["https:t.co0kyxtdzjkl ( mysql", 2], ["( mysql server", 2], ["a cross-site", 2], ["a cross-site scripting", 2], ["a cross-site scripting vulnerability", 2], ["cross-site scripting vulnerability in", 2], ["a report", 2], ["confirmed that", 2], ["that ", 2], ["that is", 2], [" process", 2], ["process monitoring", 2], ["monitoring infrastructure", 2], ["infrastructure cve-0000-0000", 2], [": process", 2], [" process monitoring", 2], ["process monitoring infrastructure", 2], ["monitoring infrastructure cve-0000-0000", 2], ["infrastructure cve-0000-0000 cross", 2], [": process monitoring", 2], [" process monitoring infrastructure", 2], ["process monitoring infrastructure cve-0000-0000", 2], ["monitoring infrastructure cve-0000-0000 cross", 2], ["infrastructure cve-0000-0000 cross site", 2], ["manager 0.0", 2], ["have a", 2], ["vulnerability by", 2], ["'s autofill", 2], ["- including", 2], [" 's autofill", 2], ["found in 's", 2], ["in 's autofill", 2], ["exposes malware", 2], ["malware risks", 2], ["vulnerability exposes malware", 2], ["exposes malware risks", 2], ["script vulnerability exposes malware", 2], ["vulnerability exposes malware risks", 2], ["and slack", 2], ["like and", 2], [" and slack", 2], ["apps like and", 2], ["like and slack", 2], ["could open", 2], ["open the", 2], ["door to", 2], ["attempt to", 2], ["users into", 2], ["that could open", 2], ["could open the", 2], ["open the door", 2], ["the door to", 2], ["has a vulnerability that", 2], ["a vulnerability that could", 2], ["vulnerability that could open", 2], ["that could open the", 2], ["could open the door", 2], ["open the door to", 2], ["can freeze", 2], ["freeze your", 2], ["a link", 2], ["security vulnerability can", 2], ["vulnerability can freeze", 2], ["freeze your ", 2], ["discovered security vulnerability can", 2], ["security vulnerability can freeze", 2], ["attackers fake", 2], ["fake email", 2], ["email recipients", 2], ["post : \"", 2], [": \" ", 2], ["spoofing vulnerability lets", 2], ["lets attackers fake", 2], ["attackers fake email", 2], ["fake email recipients", 2], ["new post : \"", 2], ["inbox spoofing vulnerability lets", 2], ["spoofing vulnerability lets attackers", 2], ["vulnerability lets attackers fake", 2], ["lets attackers fake email", 2], ["attackers fake email recipients", 2], [" ..", 2], ["more here", 2], ["read more here", 2], [" jscript", 2], ["security vulnerability ,", 2], ["disclosure of", 2], ["which affects", 2], ["oracle financial", 2], ["of financial", 2], ["component of financial", 2], ["on that", 2], ["so the", 2], ["lg ", 2], ["lg devices", 2], [" confirms", 2], ["could lead", 2], ["apps to", 2], ["to download", 2], ["vulnerability could lead", 2], ["apps to download", 2], ["https:t.coks0bv0fsqa : apps", 2], ["script vulnerability could lead", 2], ["disclosure vulnerability-google", 2], ["vulnerability-google android", 2], ["android is", 2], ["information disclosure vulnerability-google", 2], ["disclosure vulnerability-google android", 2], ["vulnerability-google android is", 2], ["android is prone", 2], ["information disclosure vulnerability-google android", 2], ["disclosure vulnerability-google android is", 2], ["vulnerability-google android is prone", 2], ["android is prone to", 2], ["server vulnerability", 2], ["posted by", 2], ["posted by ", 2], [": firewalls", 2], ["cve-0000-00000 : firewalls", 2], [": firewalls remote", 2], ["how the", 2], ["to have", 2], ["the \"", 2], ["0.0 vulnerability", 2], [": 0.0 vulnerability", 2], ["0.0 vulnerability in", 2], ["score : 0.0 vulnerability", 2], [": 0.0 vulnerability in", 2], ["0.0 vulnerability in the", 2], ["null pointer", 2], ["dereference denial", 2], ["null pointer dereference", 2], ["pointer dereference denial", 2], ["dereference denial of", 2], ["pointer dereference denial of", 2], ["dereference denial of service", 2], ["a malware", 2], ["last week", 2], ["been jailed", 2], ["ddos attacks against", 2], [" - the", 2], ["has been jailed", 2], ["been jailed for", 2], ["has been jailed for", 2], ["cve-0000-00000 protonvpn", 2], ["cve-0000-00000 protonvpn 0.0", 2], ["cve-0000-00000 protonvpn 0.0 .", 2], [" gui", 2], ["gui for", 2], ["for html", 2], ["html cross", 2], [": gui", 2], [" gui for", 2], ["gui for html", 2], ["for html cross", 2], ["html cross site", 2], ["vuln : gui", 2], [": gui for", 2], [" gui for html", 2], ["gui for html cross", 2], ["for html cross site", 2], ["html cross site scripting", 2], ["in m", 2], ["reflected cross-site", 2], ["reflected cross-site scripting", 2], ["vulnerability of ", 2], ["reflected cross-site scripting vulnerability", 2], ["vulnerability of devices", 2], ["in order", 2], ["order to", 2], ["attacks on the", 2], ["in order to", 2], ["ddos attacks on the", 2], ["attacks on the rise", 2], [" pdfium", 2], ["pdfium openjpeg", 2], ["openjpeg heap-based", 2], [" pdfium openjpeg", 2], ["pdfium openjpeg heap-based", 2], ["openjpeg heap-based buffer", 2], [" pdfium openjpeg heap-based", 2], ["pdfium openjpeg heap-based buffer", 2], ["openjpeg heap-based buffer overflow", 2], ["overflow vulnerability ( cve-0000-00000)", 2], ["#vulnerability ", 2], ["reflected xss", 2], [" remote desktop protocol", 2], ["that exploits", 2], ["to mitigate", 2], ["player zero-day", 2], ["#cybersecurity #infosec", 2], [" player zero-day", 2], ["player zero-day vulnerability", 2], [" player zero-day vulnerability", 2], ["to 00", 2], [" up", 2], ["up to 00", 2], ["to 00 .", 2], ["00 . x", 2], [" up to", 2], ["up to 00 .", 2], [". cc", 2], ["banks ,", 2], ["a cross", 2], ["from a cross", 2], ["a cross site", 2], ["scripting vulnerability .", 2], ["suffers from a cross", 2], ["from a cross site", 2], ["a cross site scripting", 2], ["site scripting vulnerability .", 2], [" netweaver", 2], ["netweaver business", 2], ["business client", 2], ["cve-0000-0000 unspecified", 2], ["vulnerability-sap netweaver", 2], ["did you", 2], ["active directory", 2], ["read our", 2], ["know about ", 2], [": jenkins", 2], ["publisher -", 2], ["0 a", 2], ["cve-0000-0000000 : jenkins", 2], ["publisher - score", 2], [": 0 a", 2], ["publisher - score :", 2], ["score : 0 a", 2], [": cve-0000-00000", 2], ["#injection #vulnerability", 2], ["update : ", 2], ["in 0000 -", 2], ["news update : ", 2], ["ddos'ing ", 2], [" providers", 2], [", according", 2], [", according to", 2], ["checking back", 2], ["back in", 2], ["in with", 2], ["'s dfp", 2], ["dfp xss", 2], ["#appsec #owasp", 2], ["#xss #google", 2], ["checking back in", 2], ["back in with", 2], ["in with ", 2], ["with 's", 2], [" 's dfp", 2], ["'s dfp xss", 2], ["dfp xss vulnerability", 2], ["checking back in with", 2], ["back in with ", 2], ["in with 's", 2], ["with 's dfp", 2], [" 's dfp xss", 2], ["'s dfp xss vulnerability", 2], [" 0.0", 2], ["0000 r0", 2], ["server 0000 r0", 2], ["old vulnerability", 2], ["websites ,", 2], [", ddos", 2], ["hacker news :", 2], ["news : ", 2], ["the hacker news :", 2], ["hacker news : ", 2], ["has not", 2], ["not a", 2], ["bug and", 2], ["is in the", 2], ["attacking ", 2], ["...: this", 2], ["...: this vulnerability", 2], ["vulnerability is currently", 2], ["...: this vulnerability is", 2], ["this vulnerability is currently", 2], [" trust", 2], ["trust media", 2], ["private internet", 2], ["internet access", 2], [" trust media", 2], ["private internet access", 2], ["exploits a", 2], [". an", 2], ["exploits a vulnerability", 2], ["in .", 2], ["exploits a vulnerability in", 2], ["vulnerability in .", 2], ["and microsoft", 2], ["vast numbers", 2], ["numbers of", 2], ["vast numbers of", 2], ["vulnerability report", 2], [" project", 2], [" project zero", 2], ["news on", 2], ["camera qr", 2], ["qr code", 2], ["code reader", 2], ["reader could", 2], ["could direct", 2], ["direct users", 2], [" camera qr", 2], ["camera qr code", 2], ["qr code reader", 2], ["code reader could", 2], ["reader could direct", 2], ["could direct users", 2], ["direct users to", 2], ["to malicious websites", 2], ["vulnerability in camera", 2], ["in camera qr", 2], [" camera qr code", 2], ["camera qr code reader", 2], ["qr code reader could", 2], ["code reader could direct", 2], ["reader could direct users", 2], ["could direct users to", 2], ["direct users to malicious", 2], ["users to malicious websites", 2], ["cve-0000-0000 vulnerability in ", 2], ["has disclosed", 2], ["before ", 2], ["has disclosed a", 2], ["before could", 2], ["europe and", 2], [" take", 2], ["targets have", 2], ["been on", 2], ["europe and ", 2], ["and take", 2], [" take on", 2], ["europe and take", 2], ["and take on", 2], [" take on more", 2], ["patches for", 2], ["had a", 2], ["qualcomm handler", 2], ["handler function", 2], ["function tz_app_cmd_handler", 2], ["tz_app_cmd_handler information", 2], ["on qualcomm handler", 2], ["qualcomm handler function", 2], ["handler function tz_app_cmd_handler", 2], ["function tz_app_cmd_handler information", 2], ["tz_app_cmd_handler information disclosure", 2], ["android on qualcomm handler", 2], ["on qualcomm handler function", 2], ["qualcomm handler function tz_app_cmd_handler", 2], ["handler function tz_app_cmd_handler information", 2], ["function tz_app_cmd_handler information disclosure", 2], ["tz_app_cmd_handler information disclosure :", 2], ["module (", 2], ["( imm", 2], ["imm )", 2], [") is", 2], ["is affected", 2], ["by vulnerability", 2], ["in openslp", 2], ["openslp (", 2], ["bulletin : ", 2], [": integrated", 2], ["management module (", 2], ["module ( imm", 2], ["( imm )", 2], ["imm ) is", 2], [") is affected", 2], ["is affected by", 2], ["affected by vulnerability", 2], ["by vulnerability in", 2], ["vulnerability in openslp", 2], ["in openslp (", 2], ["security bulletin : ", 2], ["bulletin : integrated", 2], [": integrated management", 2], ["integrated management module (", 2], ["management module ( imm", 2], ["module ( imm )", 2], ["( imm ) is", 2], ["imm ) is affected", 2], [") is affected by", 2], ["is affected by vulnerability", 2], ["affected by vulnerability in", 2], ["by vulnerability in openslp", 2], ["vulnerability in openslp (", 2], ["about .", 2], ["again !", 2], ["that affects", 2], ["yet another vulnerability", 2], ["over a", 2], ["seems to", 2], ["\" \"", 2], ["seems to be", 2], ["but doesn't", 2], ["vulnerability but doesn't", 2], ["00 vulnerability but doesn't", 2], ["vulnerability execute", 2], ["#patch #vulnerability", 2], ["cve-0000-0000 #patch #vulnerability", 2], ["module ii", 2], ["ii (", 2], ["( imm0", 2], ["imm0 )", 2], ["for system", 2], ["affects integrated", 2], ["management module ii", 2], ["module ii (", 2], ["ii ( imm0", 2], ["( imm0 )", 2], ["imm0 ) for", 2], [") for system", 2], ["affects integrated management", 2], ["integrated management module ii", 2], ["management module ii (", 2], ["module ii ( imm0", 2], ["ii ( imm0 )", 2], ["( imm0 ) for", 2], ["imm0 ) for system", 2], ["researchers discovered", 2], ["affects a", 2], ["a lot", 2], ["researchers discovered a", 2], ["netweaver java", 2], ["java as", 2], ["netweaver java as", 2], [": severe", 2], ["severe vulnerability in", 2], ["severe vulnerability in all", 2], ["vulnerability in all ", 2], ["return of", 2], ["threat (", 2], ["published by", 2], [" threat (", 2], ["products (", 2], ["in products", 2], [" products (", 2], ["adobe flash", 2], [": 00", 2], ["adobe flash player", 2], ["use-after-free vulnerability in", 2], ["rce vulnerability", 2], ["apps ,", 2], ["skype ,", 2], ["slack ,", 2], ["rce vulnerability in", 2], ["in framework", 2], ["signal , slack", 2], [", slack ,", 2], ["rce vulnerability in ", 2], ["vulnerability in framework", 2], [", signal , slack", 2], ["signal , slack ,", 2], ["00% of ", 2], ["blog :", 2], [" data", 2], ["researchers found", 2], ["researchers found a", 2], ["researchers found a vulnerability", 2], ["for their", 2], ["their ", 2], ["their devices", 2], ["nvd : cve-0000-0000", 2], ["the nvd : cve-0000-0000", 2], ["found .", 2], ["local security", 2], ["cve-0000-0000 local security", 2], ["local security bypass", 2], ["cve-0000-0000 local security bypass", 2], ["local security bypass vulnerability", 2], ["vulnerability from", 2], ["edge memory", 2], ["( edge", 2], [" edge memory", 2], ["disclosure vulnerability )", 2], ["https:t.co0kyxtdzjkl ( edge", 2], ["( edge memory", 2], ["information disclosure vulnerability )", 2], ["beware !!", 2], ["#vulnerability allows", 2], ["an #attacker", 2], ["#attacker to", 2], [" victims", 2], ["victims into", 2], ["#vulnerability allows an", 2], ["allows an #attacker", 2], ["an #attacker to", 2], ["#attacker to ", 2], ["to victims", 2], [" victims into", 2], ["#vulnerability allows an #attacker", 2], ["allows an #attacker to", 2], ["an #attacker to ", 2], ["#attacker to victims", 2], ["to victims into", 2], ["security researchers at", 2], ["thehackersnews :", 2], ["proof-of-concept code", 2], ["for \"", 2], ["\" chakracore", 2], ["chakracore scripting", 2], [" i", 2], ["proof-of-concept code for", 2], ["code for \"", 2], ["for \" chakracore", 2], ["\" chakracore scripting", 2], ["chakracore scripting engine", 2], ["scripting engine vulnerability", 2], ["engine vulnerability (", 2], ["proof-of-concept code for \"", 2], ["code for \" chakracore", 2], ["for \" chakracore scripting", 2], ["\" chakracore scripting engine", 2], ["chakracore scripting engine vulnerability", 2], ["scripting engine vulnerability (", 2], ["engine vulnerability ( cve-0000-0000", 2], ["0 billion", 2], ["in this", 2], ["in their", 2], ["vulnerability in their", 2], ["devices with", 2], ["for years", 2], [", google", 2], ["more respond", 2], ["respond on", 2], ["on chip", 2], ["vulnerability issue", 2], ["and more respond", 2], ["more respond on", 2], ["respond on chip", 2], ["on chip vulnerability", 2], ["chip vulnerability issue", 2], ["and more respond on", 2], ["more respond on chip", 2], ["respond on chip vulnerability", 2], ["on chip vulnerability issue", 2], ["the global", 2], ["global playing", 2], ["playing field", 2], ["field is", 2], ["out as", 2], ["attacks .", 2], ["the global playing", 2], ["global playing field", 2], ["playing field is", 2], ["out as ", 2], ["ddos attacks .", 2], ["the global playing field", 2], ["global playing field is", 2], ["out as and", 2], ["as and asia", 2], ["apple says", 2], ["it has", 2], ["tegra kernel", 2], [" tegra kernel", 2], ["vulnerability cve-0000-0000", 2], ["exploited in", 2], ["korean hackers", 2], ["north korean hackers", 2], ["rt @jentutech", 2], ["@jentutech :", 2], [" police", 2], ["rt @jentutech :", 2], [": cve-0000-0000000", 2], ["than ", 2], ["on .", 2], [": mcafee", 2], ["mcafee epolicy", 2], ["orchestrator -", 2], ["cve-0000-0000 : mcafee", 2], [": mcafee epolicy", 2], ["mcafee epolicy orchestrator", 2], ["epolicy orchestrator -", 2], ["orchestrator - score", 2], ["cve-0000-0000 : mcafee epolicy", 2], [": mcafee epolicy orchestrator", 2], ["mcafee epolicy orchestrator -", 2], ["epolicy orchestrator - score", 2], ["orchestrator - score :", 2], ["vulnerability impacting", 2], ["of oracle", 2], ["component of oracle", 2], ["in goo", 2], ["found in goo", 2], ["was found in goo", 2], ["vulnerability for ", 2], ["unpatched flaw", 2], ["manager (", 2], ["attack against", 2], ["mirai botnet", 2], ["ddos attack against", 2], ["attack against ", 2], ["ddos attack against ", 2], [": there", 2], ["a stored", 2], ["stored cross-site", 2], [" espace", 2], ["espace desktop", 2], [": there is", 2], ["is a stored", 2], ["a stored cross-site", 2], ["stored cross-site scripting", 2], ["in espace", 2], [" espace desktop", 2], ["there is a stored", 2], ["is a stored cross-site", 2], ["a stored cross-site scripting", 2], ["stored cross-site scripting (", 2], ["vulnerability in espace", 2], ["in espace desktop", 2], ["atmfd .", 2], ["atmfd . dll", 2], ["vulnerability as", 2], ["buffer #overflow", 2], ["#overflow #vulnerability", 2], ["based buffer #overflow", 2], ["buffer #overflow #vulnerability", 2], ["#vuln : industrial", 2], ["stack based buffer #overflow", 2], ["based buffer #overflow #vulnerability", 2], ["in apple\u2019s", 2], ["apple\u2019s usb", 2], [": security researchers", 2], ["vulnerability in apple\u2019s", 2], ["in apple\u2019s usb", 2], ["apple\u2019s usb restricted", 2], ["find vulnerability in apple\u2019s", 2], ["vulnerability in apple\u2019s usb", 2], ["in apple\u2019s usb restricted", 2], ["apple\u2019s usb restricted mode", 2], [". \"", 2], ["russian servers", 2], ["network :", 2], ["russian servers linked", 2], ["linked to ddos", 2], ["russian servers linked to", 2], ["servers linked to ddos", 2], ["linked to ddos attack", 2], ["to ddos attack on", 2], ["nvidia driver", 2], ["cve-0000-0000 : android", 2], ["original blog", 2], ["the password", 2], ["original blog post", 2], ["[ secu", 2], ["secu ]", 2], ["[ secu ]", 2], ["secu ] ", 2], ["[ secu ] ", 2], ["0 (", 2], ["version 0 (", 2], ["let 's", 2], ["0000 ---", 2], ["the entire", 2], ["ibm ibm", 2], ["ibm ibm security", 2], ["ibm ibm security bulletin", 2], [", but", 2], ["but i", 2], ["vulnerability cve-0000-00000", 2], ["[ webapps", 2], ["webapps #exploits", 2], ["#exploits #vulnerability", 2], ["#vulnerability #0day", 2], ["[ webapps #exploits", 2], ["webapps #exploits #vulnerability", 2], ["#exploits #vulnerability #0day", 2], ["@inj0ct0r : #0daytoday ", 2], ["[ webapps #exploits #vulnerability", 2], ["webapps #exploits #vulnerability #0day", 2], ["allows hackers", 2], ["allows hackers to", 2], ["! -", 2], ["000 million", 2], ["ms00-000 -", 2], ["- important", 2], ["important :", 2], ["component could", 2], ["allow information", 2], ["ms00-000 - important", 2], ["- important :", 2], ["important : vulnerability", 2], ["in graphics", 2], [" graphics component", 2], ["graphics component could", 2], ["component could allow", 2], ["could allow information", 2], ["allow information disclosure", 2], ["ms00-000 - important :", 2], ["- important : vulnerability", 2], ["important : vulnerability in", 2], ["vulnerability in graphics", 2], ["in graphics component", 2], [" graphics component could", 2], ["graphics component could allow", 2], ["component could allow information", 2], ["could allow information disclosure", 2], ["allow information disclosure (", 2], ["plays down", 2], ["nintendo switch vulnerability", 2], ["massive code", 2], ["code rewrite", 2], ["rewrite may", 2], ["be required", 2], ["required to", 2], ["patch ", 2], ["massive code rewrite", 2], ["code rewrite may", 2], ["rewrite may be", 2], ["may be required", 2], ["be required to", 2], ["required to patch", 2], ["to patch ", 2], ["patch vulnerability", 2], ["massive code rewrite may", 2], ["code rewrite may be", 2], ["rewrite may be required", 2], ["may be required to", 2], ["be required to patch", 2], ["required to patch ", 2], ["to patch vulnerability", 2], ["internet explorer", 2], ["in internet", 2], [" was", 2], ["unit 00", 2], ["cve-0000-0000000 a", 2], ["engine remote", 2], ["protection engine remote", 2], ["engine remote code", 2], ["malware protection engine remote", 2], ["protection engine remote code", 2], ["engine remote code execution", 2], ["developers the", 2], [" development", 2], ["nvidia components", 2], ["components cve-0000-0000", 2], ["cve-0000-0000 privilege", 2], ["android nvidia components", 2], ["nvidia components cve-0000-0000", 2], ["components cve-0000-0000 privilege", 2], ["cve-0000-0000 privilege escalation", 2], [" android nvidia components", 2], ["android nvidia components cve-0000-0000", 2], ["nvidia components cve-0000-0000 privilege", 2], ["components cve-0000-0000 privilege escalation", 2], ["cve-0000-0000 privilege escalation vulnerability", 2], ["it just", 2], ["ddos against ", 2], ["news about", 2], ["to 00.0", 2], ["to 00.0 .", 2], ["00.0 . 0", 2], ["to 00.0 . 0", 2], ["to security", 2], ["driver contains a vulnerability", 2], ["windows ", 2], ["users ,", 2], [" users ,", 2], ["attackers to gain", 2], ["full control of", 2], ["the web-based", 2], ["web-based management", 2], ["interface of", 2], ["in the web-based", 2], ["the web-based management", 2], ["web-based management interface", 2], ["management interface of", 2], ["interface of ", 2], ["of integrated", 2], ["vulnerability in the web-based", 2], ["in the web-based management", 2], ["the web-based management interface", 2], ["web-based management interface of", 2], ["management interface of ", 2], ["interface of integrated", 2], ["of integrated management", 2], [" in", 2], ["that #microsoft", 2], ["concerned about", 2], ["about ddos", 2], ["ddos ,", 2], ["all mac and", 2], ["and spectre vulnerability", 2], ["all mac and ", 2], ["mac and devices", 2], ["meltdown and spectre vulnerability", 2], [". it", 2], [", it", 2], ["news from", 2], ["night .", 2], ["0000 kernel", 2], ["00server 0000 kernel", 2], ["0000 kernel information", 2], [" 00server 0000 kernel", 2], ["00server 0000 kernel information", 2], ["0000 kernel information disclosure", 2], ["kernel information disclosure :", 2], ["#onmsft #microsoft", 2], ["#microsoft #windows00", 2], ["#windows00 #xbox", 2], ["#xbox #in", 2], ["#in :", 2], [": zero-day", 2], ["is making", 2], ["making its", 2], ["its rounds", 2], ["rounds ,", 2], [", targets", 2], ["#onmsft #microsoft #windows00", 2], ["#microsoft #windows00 #xbox", 2], ["#windows00 #xbox #in", 2], ["#xbox #in :", 2], ["zero-day vulnerability", 2], [" vulnerability is", 2], ["vulnerability is making", 2], ["is making its", 2], ["making its rounds", 2], ["its rounds ,", 2], ["rounds , targets", 2], ["#onmsft #microsoft #windows00 #xbox", 2], ["#microsoft #windows00 #xbox #in", 2], ["#windows00 #xbox #in :", 2], ["zero-day vulnerability is", 2], [" vulnerability is making", 2], ["vulnerability is making its", 2], ["is making its rounds", 2], ["making its rounds ,", 2], ["its rounds , targets", 2], ["by using", 2], ["using \u201ccrafted", 2], ["\u201ccrafted xml", 2], ["xml ,", 2], [", \u201d", 2], ["\u201d attacker", 2], ["attacker could", 2], ["could take", 2], ["by using \u201ccrafted", 2], ["using \u201ccrafted xml", 2], ["\u201ccrafted xml ,", 2], ["xml , \u201d", 2], [", \u201d attacker", 2], ["\u201d attacker could", 2], ["attacker could take", 2], ["could take over", 2], ["by using \u201ccrafted xml", 2], ["using \u201ccrafted xml ,", 2], ["\u201ccrafted xml , \u201d", 2], ["xml , \u201d attacker", 2], [", \u201d attacker could", 2], ["\u201d attacker could take", 2], ["attacker could take over", 2], ["botnets ,", 2], ["jenkins s0", 2], ["s0 publisher", 2], ["jenkins s0 publisher", 2], [" is prone", 2], [" 00", 2], ["by @thehackersnews", 2], ["@thehackersnews #hackernews", 2], [": by @thehackersnews", 2], ["by @thehackersnews #hackernews", 2], ["@koddoscom : by @thehackersnews", 2], [": by @thehackersnews #hackernews", 2], [": bugtraq", 2], ["bugtraq :", 2], ["to distribute", 2], ["#security : bugtraq", 2], [": bugtraq :", 2], ["#vulnerability #security : bugtraq", 2], ["#security : bugtraq :", 2], ["security flaw", 2], ["disclosure vulnerability-microsoft windows", 2], ["cve-0000-00000 information disclosure vulnerability-microsoft", 2], ["information disclosure vulnerability-microsoft windows", 2], ["disclosure vulnerability-microsoft windows is", 2], ["on tuesday", 2], [" rdp", 2], ["disclosure vulnerability exists", 2], ["information disclosure vulnerability exists", 2], ["disclosure vulnerability exists when", 2], ["an improper", 2], ["#security #infosec", 2], [" devices \"", 2], [". (", 2], [", etc", 2], ["etc .", 2], [". )", 2], ["the cpu vulnerability", 2], ["cpu vulnerability .", 2], [", etc .", 2], ["' cve-0000-0000", 2], ["securitynewsbot :", 2], ["pan-os cve-0000-00000", 2], ["securitynewsbot : #vuln", 2], [" pan-os cve-0000-00000", 2], ["securitynewsbot : #vuln :", 2], ["#vuln : pan-os", 2], [": pan-os cve-0000-00000", 2], ["cve-0000-0000 security", 2], [": cve-0000-0000", 2], ["cve-0000-0000 security bypass", 2], ["vuln : cve-0000-0000", 2], ["cve-0000-0000 security bypass vulnerability", 2], [" be", 2], ["hear about", 2], ["about it on", 2], ["time for a", 2], ["revealed that", 2], [". lmao", 2], ["lmao .", 2], [". lmao .", 2], ["and russia", 2], [" and russia", 2], ["you ddos", 2], ["i need", 2], [" says", 2], ["microsoft and", 2], ["- google", 2], ["microsoft and ", 2], ["vulnerability - google", 2], [" under", 2], [" under ddos", 2], ["under ddos ?", 2], [" under ddos ?", 2], [" businesses", 2], ["\" in", 2], ["vulnerability you", 2], ["outlook could", 2], ["exploited by", 2], ["by hackers", 2], [" outlook could", 2], ["outlook could be", 2], ["by hackers to", 2], ["vulnerability in outlook", 2], ["in outlook could", 2], [" outlook could be", 2], ["outlook could be exploited", 2], ["chrome customers", 2], ["customers need", 2], ["chrome customers need", 2], ["customers need to", 2], ["know about the", 2], ["about the industry-wide", 2], ["chrome customers need to", 2], ["customers need to know", 2], ["to know about the", 2], ["know about the industry-wide", 2], ["about the industry-wide cpu", 2], ["unfixed ", 2], ["unfixed inbox", 2], ["it again", 2], [" family", 2], ["for #android", 2], [" family for", 2], ["cve-0000-00000 local denial", 2], ["cve-0000-00000 local denial of", 2], ["ddos protection", 2], [" hapis", 2], ["at 00:00", 2], ["to perform", 2], ["to th", 2], ["alienvault :", 2], ["#vulnerability can", 2], ["#vulnerability can be", 2], ["zero day", 2], ["day vulnerability", 2], ["zero day vulnerability", 2], [": here", 2], ["on vulnerability", 2], ["has revealed", 2], ["soon \u2014", 2], ["\u2014 at", 2], ["at least", 2], ["least not", 2], ["not until", 2], ["until they", 2], ["they '", 2], ["' mas", 2], ["' vulnerability anytime", 2], ["anytime soon \u2014", 2], ["soon \u2014 at", 2], ["\u2014 at least", 2], ["at least not", 2], ["least not until", 2], ["not until they", 2], ["until they '", 2], ["they ' mas", 2], ["' vulnerability anytime soon", 2], ["vulnerability anytime soon \u2014", 2], ["anytime soon \u2014 at", 2], ["soon \u2014 at least", 2], ["\u2014 at least not", 2], ["at least not until", 2], ["least not until they", 2], ["not until they '", 2], ["until they ' mas", 2], ["south korean", 2], ["operating system", 2], ["execution vulnerability )", 2], ["code execution vulnerability )", 2], ["execution vulnerability ) has", 2], ["maps vulnerability", 2], [" maps vulnerability", 2], [" web", 2], ["bypass vulnerability in", 2], ["in web", 2], ["directory traversal", 2], ["directory traversal vulnerability", 2], ["traversal vulnerability in", 2], ["directory traversal vulnerability in", 2], ["traversal vulnerability in ", 2], ["skia \"", 2], [" skia \"", 2], ["this #vulnerability", 2], ["exploited to steal", 2], ["can be exploited to", 2], ["be exploited to steal", 2], ["#0novices :", 2], ["been pu", 2], ["has been pu", 2], [") has been pu", 2], ["ddos attacks are", 2], ["ddos attacks are now", 2], ["security blog", 2], ["has more", 2], [". was", 2], ["going to", 2], [", has", 2], ["earlier ,", 2], ["and earlier ,", 2], [" exchange", 2], ["spoofing vulnerability ) has", 2], ["abuse and", 2], ["edge vulnerability that", 2], ["rt @certeu", 2], ["@certeu :", 2], ["( cert-eu", 2], ["cert-eu security", 2], ["advisory 0000-000", 2], ["0000-000 )", 2], ["rt @certeu :", 2], [" ( cert-eu", 2], ["( cert-eu security", 2], ["cert-eu security advisory", 2], ["security advisory 0000-000", 2], ["advisory 0000-000 )", 2], ["vulnerability in (", 2], ["in ( cert-eu", 2], [" ( cert-eu security", 2], ["( cert-eu security advisory", 2], ["cert-eu security advisory 0000-000", 2], ["security advisory 0000-000 )", 2], ["office outlook", 2], ["the jd", 2], ["jd edwards", 2], ["edwards enterpriseone", 2], ["enterpriseone tools", 2], ["tools component", 2], ["in the jd", 2], ["the jd edwards", 2], ["jd edwards enterpriseone", 2], ["edwards enterpriseone tools", 2], ["enterpriseone tools component", 2], ["tools component of", 2], ["vulnerability in the jd", 2], ["in the jd edwards", 2], ["the jd edwards enterpriseone", 2], ["jd edwards enterpriseone tools", 2], ["edwards enterpriseone tools component", 2], ["enterpriseone tools component of", 2], ["around the", 2], ["the only", 2], ["that this", 2], ["that this vulnerability", 2], ["country :", 2], [" vector", 2], ["vector :", 2], ["ddos actor", 2], ["actor :", 2], [": 0-day", 2], ["0-day dataloss", 2], ["dataloss :", 2], ["country : ", 2], [": vector", 2], [" vector :", 2], ["vector : ddos", 2], [": ddos actor", 2], ["ddos actor :", 2], ["vuln : 0-day", 2], [": 0-day dataloss", 2], ["0-day dataloss :", 2], ["country : vector", 2], [": vector :", 2], [" vector : ddos", 2], ["vector : ddos actor", 2], [": ddos actor :", 2], ["vuln : 0-day dataloss", 2], [": 0-day dataloss :", 2], ["new ddos", 2], ["to #phishing", 2], ["#phishing scams", 2], ["secure your", 2], ["to #phishing scams", 2], ["a free", 2], ["for ,", 2], ["the vulnerability", 2], ["vulnerability affects ", 2], [" login", 2], ["login plugin", 2], ["plugin 0.0", 2], [" login plugin", 2], ["qualcomm wv_dash_core_load_keys_v0", 2], ["wv_dash_core_load_keys_v0 ()", 2], ["on qualcomm wv_dash_core_load_keys_v0", 2], ["qualcomm wv_dash_core_load_keys_v0 ()", 2], ["wv_dash_core_load_keys_v0 () memory", 2], ["android on qualcomm wv_dash_core_load_keys_v0", 2], ["on qualcomm wv_dash_core_load_keys_v0 ()", 2], ["qualcomm wv_dash_core_load_keys_v0 () memory", 2], ["wv_dash_core_load_keys_v0 () memory corruption", 2], ["vulnerability that allows", 2], ["player vulnerability", 2], [" player vulnerability", 2], ["mirai okiru", 2], ["new #ddos", 2], ["#ddos botnet", 2], ["botnet targets", 2], ["as well", 2], ["auto ,", 2], [", #mobile", 2], ["#mobile ,", 2], ["new #ddos botnet", 2], ["auto , #mobile", 2], [", #mobile ,", 2], ["#mobile , ", 2], ["auto , #mobile ,", 2], [", #mobile , ", 2], ["#mobile , ,", 2], ["local information", 2], ["local information disclosure", 2], ["office cve-0000-0000", 2], [" office cve-0000-0000", 2], ["to update", 2], [" urges users", 2], [" urges users to", 2], ["by a", 2], ["affects almost", 2], ["all the", 2], ["affects almost all", 2], ["since 0000 ,", 2], ["exists when ", 2], ["vulnerability exists when ", 2], ["word vulnerability", 2], ["allows easy", 2], ["easy access", 2], ["to machine", 2], ["machine resources", 2], ["resources for", 2], [" word vulnerability", 2], ["word vulnerability allows", 2], ["vulnerability allows easy", 2], ["allows easy access", 2], ["easy access to", 2], ["access to machine", 2], ["to machine resources", 2], ["machine resources for", 2], [" word vulnerability allows", 2], ["word vulnerability allows easy", 2], ["vulnerability allows easy access", 2], ["allows easy access to", 2], ["easy access to machine", 2], ["access to machine resources", 2], ["to machine resources for", 2], ["ddos the", 2], ["remote attackers", 2], ["a mega-#vulnerability", 2], ["mega-#vulnerability alert", 2], ["drops a mega-#vulnerability", 2], ["a mega-#vulnerability alert", 2], ["mega-#vulnerability alert for", 2], ["#cisco drops a mega-#vulnerability", 2], ["drops a mega-#vulnerability alert", 2], ["a mega-#vulnerability alert for", 2], ["mega-#vulnerability alert for ", 2], ["more than", 2], ["000 attacks", 2], ["cpu security", 2], ["cpu security vulnerability", 2], ["computer chip", 2], ["computer chip vulnerability", 2], ["have leaked", 2], ["skype for", 2], ["attacker to", 2], ["an attacker to", 2], [" deal", 2], ["deal with", 2], [", deal", 2], [" deal with", 2], ["intel , deal", 2], [", deal with", 2], ["0 0.0 ", 2], ["0.0 0.0 .", 2], [". 0 0.0 ", 2], ["0 0.0 0.0", 2], ["dolphin browser", 2], ["arbitrary file", 2], [", skype", 2], ["from 00", 2], ["00 countries", 2], ["devices latest", 2], ["latest to", 2], ["to receive", 2], ["vulnerability warning", 2], [": devices", 2], [" devices latest", 2], ["devices latest to", 2], ["latest to receive", 2], [" devices latest to", 2], ["devices latest to receive", 2], [": ddos attacks", 2], ["analysis of", 2], [" appscan", 2], ["appscan enterprise", 2], ["enterprise edition", 2], ["edition 0.0", 2], ["cve-0000-0000 cross-site scripting", 2], ["in appscan", 2], [" appscan enterprise", 2], ["appscan enterprise edition", 2], ["enterprise edition 0.0", 2], ["edition 0.0 .", 2], ["x before 0", 2], ["cve-0000-0000 cross-site scripting (", 2], ["vulnerability in appscan", 2], ["in appscan enterprise", 2], [" appscan enterprise edition", 2], ["appscan enterprise edition 0.0", 2], ["enterprise edition 0.0 .", 2], ["edition 0.0 . x", 2], ["0.0 . x before", 2], [". x before 0", 2], ["x before 0 .", 2], ["( )", 2], ["ddos ", 2], ["for devices |", 2], ["vuln : kernel", 2], ["has discovered a", 2], ["an old", 2], ["android kernel", 2], ["kernel v0l0", 2], ["v0l0 video", 2], ["video driver", 2], [" android kernel", 2], ["android kernel v0l0", 2], ["kernel v0l0 video", 2], ["v0l0 video driver", 2], ["video driver privilege", 2], [" android kernel v0l0", 2], ["android kernel v0l0 video", 2], ["kernel v0l0 video driver", 2], ["v0l0 video driver privilege", 2], ["video driver privilege escalation", 2], [" firmware", 2], ["firmware processing", 2], ["code privilege", 2], ["id product", 2], ["product elevation", 2], ["elevation versions", 2], [" firmware processing", 2], ["firmware processing code", 2], ["processing code privilege", 2], ["code privilege vulnerability", 2], ["id product elevation", 2], ["product elevation versions", 2], [" firmware processing code", 2], ["firmware processing code privilege", 2], ["processing code privilege vulnerability", 2], ["id product elevation versions", 2], ["\" to", 2], ["against and", 2], [". 000.000", 2], ["from ,", 2], ["systems .", 2], [" high", 2], ["high sierra", 2], ["in high", 2], [" high sierra", 2], ["found in high", 2], ["in high sierra", 2], ["junit plugin", 2], ["0.00 on", 2], [" xml", 2], ["xml data", 2], ["data ssrf", 2], ["ssrf privilege", 2], [": .", 2], [". a", 2], ["junit plugin up", 2], ["to 0.00 on", 2], ["0.00 on ", 2], ["on xml", 2], [" xml data", 2], ["xml data ssrf", 2], ["data ssrf privilege", 2], ["ssrf privilege escalation", 2], ["escalation : .", 2], [": . a", 2], [". a vulnerability", 2], ["junit plugin up to", 2], ["up to 0.00 on", 2], ["to 0.00 on ", 2], ["0.00 on xml", 2], ["on xml data", 2], [" xml data ssrf", 2], ["xml data ssrf privilege", 2], ["data ssrf privilege escalation", 2], ["ssrf privilege escalation :", 2], ["privilege escalation : .", 2], ["escalation : . a", 2], [": . a vulnerability", 2], [". a vulnerability ,", 2], ["and what", 2], ["will not", 2], ["not be", 2], [", report", 2], ["will not be", 2], ["attacks against ", 2], ["zdi-00-0000 :", 2], [" font", 2], ["font embedding", 2], ["embedding out-of-bounds", 2], ["zdi-00-0000 : ", 2], [": font", 2], [" font embedding", 2], ["font embedding out-of-bounds", 2], ["embedding out-of-bounds read", 2], ["zdi-00-0000 : font", 2], [": font embedding", 2], [" font embedding out-of-bounds", 2], ["font embedding out-of-bounds read", 2], ["embedding out-of-bounds read information", 2], [" ios", 2], ["its users", 2], ["its users '", 2], ["nano issues", 2], ["nano issues alert", 2], ["nano issues alert on", 2], ["cve-0000-0000 information disclosure vulnerability", 2], ["bypass #vulnerability", 2], ["#vulnerability found", 2], ["in #sap", 2], ["startup service", 2], ["service ,", 2], ["authentication bypass #vulnerability", 2], ["#vulnerability found in", 2], ["found in #sap", 2], ["startup service ,", 2], [": what", 2], ["what you", 2], ["cpu vulnerability :", 2], ["what you need", 2], ["what you need to", 2], ["vulnerability which", 2], ["it to", 2], ["attacks by", 2], [": at", 2], ["at &", 2], ["& t", 2], [": at &", 2], ["at & t", 2], [": at & t", 2], ["is now", 2], ["itunes wi-fi", 2], ["wi-fi sync", 2], ["itunes wi-fi sync", 2], ["is a vulnerability", 2], ["there is a vulnerability", 2], ["is a vulnerability in", 2], ["kernel nt", 2], ["nt !", 2], ["memory disclosure", 2], [" kernel nt", 2], ["kernel nt !", 2], [": kernel nt", 2], [" kernel nt !", 2], ["critical vulnerability found", 2], ["critical vulnerability found in", 2], ["network over", 2], ["over the", 2], ["the weekend", 2], ["weekend and", 2], ["and on", 2], ["financial network over", 2], ["network over the", 2], ["over the weekend", 2], ["the weekend and", 2], ["weekend and on", 2], [" financial network over", 2], ["financial network over the", 2], ["network over the weekend", 2], ["over the weekend and", 2], ["the weekend and on", 2], ["for '", 2], ["wap000 and", 2], ["and wap000", 2], ["wap000 and wap000", 2], ["replaying old", 2], ["has a security", 2], [" has a security", 2], ["has a security vulnerability", 2], [": remote", 2], [": remote code", 2], [": remote code execution", 2], ["threatmeter : cve-0000-0000 :", 2], ["ios vulnerability", 2], ["attackers hack", 2], ["new ios vulnerability", 2], ["ios vulnerability lets", 2], ["lets attackers hack", 2], ["new ios vulnerability lets", 2], ["ios vulnerability lets attackers", 2], ["vulnerability lets attackers hack", 2], ["#ddos #attacks", 2], ["] |", 2], ["updated ] |", 2], ["] | ars", 2], ["[ updated ] |", 2], ["updated ] | ars", 2], ["] | ars technica", 2], ["communications manager", 2], ["unified communications manager", 2], ["scripting vulnerability )", 2], [" unified communications manager", 2], ["cross-site scripting vulnerability )", 2], ["scripting vulnerability ) has", 2], ["site request", 2], ["cross site request", 2], ["site request forgery", 2], ["cross site request forgery", 2], ["public the", 2], [": discloses", 2], ["vulnerability : google", 2], ["has made public", 2], ["made public the", 2], ["public the details", 2], [": discloses unpatched", 2], ["zero has made public", 2], ["has made public the", 2], ["made public the details", 2], ["public the details of", 2], ["[#0day #exploit", 2], ["[#0day #exploit ]", 2], ["cookies to", 2], ["to do", 2], ["you to", 2], ["on twitter", 2], [": &", 2], ["& quot", 2], ["quot ;", 2], ["after a", 2], [": & quot", 2], ["& quot ;", 2], [": & quot ;", 2], ["vulnerability ( cve-0000-00000", 2], ["vulnerability ( cve-0000-00000 )", 2], ["attacks have", 2], ["have become", 2], ["attacks have become", 2], ["the dangerous", 2], ["dangerous bug", 2], ["bug allows", 2], ["remotely execute", 2], ["the dangerous bug", 2], ["dangerous bug allows", 2], ["bug allows attackers", 2], ["remotely execute code", 2], ["the dangerous bug allows", 2], ["dangerous bug allows attackers", 2], ["bug allows attackers to", 2], ["#0daytoday #joomla", 2], ["#joomla ", 2], [" book", 2], ["book library", 2], ["library 0.0", 2], ["0 component", 2], ["component -", 2], ["- letter", 2], ["letter sql", 2], ["vulnerability [#0day", 2], ["#0daytoday #joomla ", 2], ["#joomla book", 2], [" book library", 2], ["book library 0.0", 2], ["library 0.0 .", 2], [". 0 component", 2], ["0 component -", 2], ["component - letter", 2], ["- letter sql", 2], ["letter sql injection", 2], ["injection vulnerability [#0day", 2], ["#0daytoday #joomla book", 2], ["#joomla book library", 2], [" book library 0.0", 2], ["book library 0.0 .", 2], ["library 0.0 . 0", 2], ["0.0 . 0 component", 2], [". 0 component -", 2], ["0 component - letter", 2], ["component - letter sql", 2], ["- letter sql injection", 2], ["letter sql injection vulnerability", 2], ["sql injection vulnerability [#0day", 2], ["manager could", 2], ["for remote", 2], ["in unified", 2], ["manager could allow", 2], ["allow for remote", 2], ["for remote code", 2], ["in unified communications", 2], ["could allow for remote", 2], ["allow for remote code", 2], ["for remote code execution", 2], ["system .", 2], ["allows a", 2], ["! vulnerability", 2], ["into the", 2], ["you use", 2], ["use ", 2], [" , which", 2], ["unspecified vulnerability", 2], ["unspecified vulnerability in", 2], ["unspecified vulnerability in ", 2], [" uncovers", 2], ["in g", 2], ["found in g", 2], ["was found in g", 2], ["of any", 2], ["qualcomm fs_diag_deltree_handler", 2], ["fs_diag_deltree_handler ()", 2], ["google https:t.co", 2], ["on qualcomm fs_diag_deltree_handler", 2], ["qualcomm fs_diag_deltree_handler ()", 2], ["fs_diag_deltree_handler () denial", 2], ["in google https:t.co", 2], ["android on qualcomm fs_diag_deltree_handler", 2], ["on qualcomm fs_diag_deltree_handler ()", 2], ["qualcomm fs_diag_deltree_handler () denial", 2], ["fs_diag_deltree_handler () denial of", 2], ["found in google https:t.co", 2], [" !", 2], ["this new", 2], [" vulnerability allows", 2], [". read", 2], ["patch now", 2], ["info sql", 2], ["info sql injection", 2], ["info sql injection vulnerability", 2], [" insider", 2], ["with ddos", 2], ["- cross-site", 2], ["cve-0000-0000 - cross-site", 2], ["- cross-site scripting", 2], ["cve-0000-0000 - cross-site scripting", 2], ["- cross-site scripting (", 2], ["usn-0000-0 :", 2], ["graphics drivers", 2], [" graphics drivers", 2], ["vulnerability without", 2], ["severe ' ", 2], ["' '", 2], [" ' vulnerability", 2], ["a severe ' ", 2], ["severe ' '", 2], ["' ' vulnerability", 2], ["in #edge", 2], ["fails to", 2], ["so ", 2], ["0000 :", 2], ["vulnerability |", 2], [": office memory", 2], [": ios", 2], ["ios trustjacking", 2], ["trustjacking vulnerability", 2], ["ios trustjacking vulnerability", 2], ["iphone and ", 2], ["as critical", 2], ["classified as critical", 2], ["extension in", 2], ["extension in ", 2], [": crazy", 2], [", i", 2], ["were to", 2], ["ios sync", 2], ["sync vulnerability", 2], ["allows cybercriminal", 2], ["cybercriminal access", 2], ["ios sync vulnerability", 2], ["sync vulnerability in", 2], [" allows cybercriminal", 2], ["allows cybercriminal access", 2], ["ios sync vulnerability in", 2], ["sync vulnerability in ", 2], ["in allows cybercriminal", 2], [" allows cybercriminal access", 2], ["years ,", 2], ["redirection vulnerability", 2], ["devices integrated", 2], ["integrated gpus", 2], ["devices integrated gpus", 2], ["office 000", 2], ["the biggest", 2], ["that allows attackers", 2], [" a", 2], ["devices are", 2], ["that can", 2], ["to #ddos", 2], [" devices are", 2], [": oracle", 2], ["oracle mysql", 2], ["0 vulnerability", 2], ["cve-0000-0000 : oracle", 2], [": oracle mysql", 2], ["mysql ( subcomponent", 2], ["cve-0000-0000 : oracle mysql", 2], [" mysql ( subcomponent", 2], ["mysql ( subcomponent :", 2], [" still", 2], ["vulnerability disclosed", 2], ["disclosed by", 2], ["vulnerability disclosed by", 2], ["immediately fix", 2], ["fix a", 2], ["for windows", 2], ["immediately fix a", 2], ["fix a vulnerability", 2], ["immediately fix a vulnerability", 2], ["fix a vulnerability in", 2], ["not the", 2], [". ", 2], ["and server", 2], ["0.0 media", 2], ["0.0 media framework", 2], [" junos", 2], ["x0 processor", 2], ["shield ,", 2], [", pixel", 2], ["pixel c", 2], ["c ,", 2], ["tegra x0 processor", 2], ["x0 processor vulnerability", 2], ["processor vulnerability discovered", 2], ["shield , pixel", 2], [", pixel c", 2], ["pixel c ,", 2], ["c , and", 2], ["tegra x0 processor vulnerability", 2], ["x0 processor vulnerability discovered", 2], ["shield , pixel c", 2], [", pixel c ,", 2], ["pixel c , and", 2], ["serious vulnerability has been", 2], ["\" use-after-free", 2], [": \"", 2], ["() \" use-after-free", 2], ["\" use-after-free vulnerability", 2], ["use-after-free vulnerability (", 2], ["@hosselot : \"", 2], ["() \" use-after-free vulnerability", 2], ["\" use-after-free vulnerability (", 2], ["use-after-free vulnerability ( cve-0000-0000)", 2], ["targets microsoft", 2], ["office documents", 2], ["targets microsoft office", 2], ["microsoft office documents", 2], ["targets microsoft office documents", 2], ["flaws in", 2], ["security flaws in", 2], ["0.00 ext", 2], ["ext ,", 2], ["the internet", 2], [", 0.00 ext", 2], ["0.00 ext ,", 2], ["ext , 0.00", 2], ["in the internet", 2], ["the internet graphics", 2], ["0.00 , 0.00 ext", 2], [", 0.00 ext ,", 2], ["0.00 ext , 0.00", 2], ["ext , 0.00 ,", 2], [" assistant", 2], ["massive #ddos attack", 2], ["massive #ddos attack on", 2], ["huge ddos", 2], ["why intel", 2], ["patch tlbleed", 2], ["tlbleed vulnerability", 2], [", despite", 2], ["despite serious", 2], ["serious concerns", 2], ["concerns for", 2], ["patch tlbleed vulnerability", 2], ["tlbleed vulnerability ,", 2], ["vulnerability , despite", 2], [", despite serious", 2], ["despite serious concerns", 2], ["serious concerns for", 2], ["concerns for ", 2], ["for users", 2], ["patch tlbleed vulnerability ,", 2], ["tlbleed vulnerability , despite", 2], ["vulnerability , despite serious", 2], [", despite serious concerns", 2], ["despite serious concerns for", 2], ["serious concerns for ", 2], ["concerns for users", 2], [" researcher", 2], ["a #security", 2], ["world of", 2], ["computer | \" ", 2], ["0 )", 2], ["#infosec #ddos", 2], ["zero-day vulnerability (", 2], ["remote ]", 2], ["( metasploit", 2], ["metasploit )", 2], [": [ remote", 2], ["[ remote ]", 2], ["remote ] ", 2], ["( metasploit )", 2], ["#security : [ remote", 2], [": [ remote ]", 2], ["[ remote ] ", 2], ["remote ] -", 2], ["the worst", 2], ["allow attackers", 2], ["in apps", 2], ["allow attackers to", 2], ["in apps script", 2], ["authentication in", 2], ["authentication in ", 2], ["authentication in remote", 2], ["website of", 2], ["by #ddos", 2], ["attacks from", 2], ["hit by #ddos", 2], [" hit by #ddos", 2], ["would be", 2], ["the world", 2], ["would be a", 2], ["use after", 2], ["after free", 2], ["free vulnerability", 2], ["use after free", 2], ["after free vulnerability", 2], ["use after free vulnerability", 2], ["forgery vulnerability", 2], ["request forgery vulnerability", 2], ["major websites", 2], ["important vulnerability", 2], ["devices (", 2], [" devices (", 2], ["after vulnerability", 2], ["new cpu vulnerability", 2], ["a new cpu vulnerability", 2], ["ibm ", 2], ["unknown vulnerability [", 2], ["vulnerability [ cve-0000-0000", 2], ["unknown vulnerability [ cve-0000-0000", 2], ["vulnerability [ cve-0000-0000 ]", 2], ["vulnerability poc", 2], ["affects all", 2], ["to escalate", 2], ["escalate privileges", 2], ["privileges on", 2], ["vulnerability to escalate", 2], ["to escalate privileges", 2], ["escalate privileges on", 2], ["privileges on ", 2], ["vulnerability to escalate privileges", 2], ["to escalate privileges on", 2], ["escalate privileges on ", 2], ["privileges on devices", 2], ["android qualcomm", 2], [" android qualcomm", 2], ["software when", 2], ["when the", 2], ["execution vulnerability exists", 2], ["software when the", 2], ["code execution vulnerability exists", 2], ["execution vulnerability exists in", 2], ["massive vulnerability", 2], [": issues", 2], [": issues emergency", 2], ["go 0.0", 2], ["go 0.0 .", 2], ["go 0.0 . 0", 2], ["or a", 2], ["cybersecurity vulnerability", 2], ["vulnerability revealed", 2], ["revealed after", 2], ["00-day hack", 2], ["cybersecurity vulnerability revealed", 2], ["vulnerability revealed after", 2], ["revealed after ", 2], ["after government", 2], ["cybersecurity vulnerability revealed after", 2], ["vulnerability revealed after ", 2], ["revealed after government", 2], ["based on", 2], [" as", 2], [". ddos", 2], ["android ( the affected", 2], [": critical", 2], [": critical vulnerability", 2], ["in financial", 2], ["of with", 2], [", java", 2], ["se embedded", 2], ["embedded component", 2], ["se , java", 2], [", java se", 2], ["java se embedded", 2], ["se embedded component", 2], ["embedded component of", 2], ["java se , java", 2], ["se , java se", 2], [", java se embedded", 2], ["java se embedded component", 2], ["se embedded component of", 2], ["embedded component of ", 2], ["\" is", 2], ["has the", 2], ["the ability", 2], ["ability to", 2], ["the ability to", 2], ["#vulnerability [", 2], [", and products", 2], [" rational", 2], ["vuln : updater", 2], ["#0day #exploit", 2], ["- remote code", 2], ["#0day #exploit ]", 2], ["- remote code execution", 2], ["could potentially", 2], ["fix the", 2], ["to fix the", 2], [": android camera", 2], [" lets", 2], ["in lets", 2], ["flaw in lets", 2], ["the windows", 2], ["hack ", 2], [" allows remote", 2], ["in allows remote", 2], ["vuln : office", 2], ["that \"", 2], ["\" vulnerability in", 2], ["through a", 2], ["driver information", 2], ["disclosure [", 2], ["camera driver information", 2], ["driver information disclosure", 2], ["information disclosure [", 2], ["disclosure [ cve-0000-00000]", 2], ["android camera driver information", 2], ["camera driver information disclosure", 2], ["driver information disclosure [", 2], ["information disclosure [ cve-0000-00000]", 2], ["disclosure [ cve-0000-00000] :", 2], ["x ,", 2], ["( debian_linux", 2], ["debian_linux ,", 2], [", traffic_server", 2], ["traffic_server )", 2], ["cve-0000-0000 ( debian_linux", 2], ["( debian_linux ,", 2], ["debian_linux , traffic_server", 2], [", traffic_server )", 2], ["cve-0000-0000 ( debian_linux ,", 2], ["( debian_linux , traffic_server", 2], ["debian_linux , traffic_server )", 2], ["able to", 2], ["\" the", 2], ["been discovered in ", 2], ["and 00", 2], ["00 other", 2], ["and 00 other", 2], ["x0 soc", 2], ["soc can", 2], ["be used", 2], [" 's tegra", 2], ["'s tegra x0", 2], ["tegra x0 soc", 2], ["x0 soc can", 2], ["soc can be", 2], ["can be used", 2], ["be used to", 2], ["used to hack", 2], ["in 's tegra", 2], [" 's tegra x0", 2], ["'s tegra x0 soc", 2], ["tegra x0 soc can", 2], ["x0 soc can be", 2], ["soc can be used", 2], ["can be used to", 2], ["be used to hack", 2], ["go down", 2], ["change their", 2], ["to change their", 2], ["security -", 2], ["allow an", 2], [", sap", 2], ["sap kernel", 2], ["kernel 00", 2], [", sap kernel", 2], ["sap kernel 00", 2], [", sap kernel 00", 2], ["'s edge", 2], ["browser has", 2], ["major vulnerability", 2], ["allow your", 2], ["your data", 2], ["data to", 2], ["be taken", 2], ["taken without", 2], [" 's edge", 2], ["'s edge browser", 2], ["edge browser has", 2], ["browser has a", 2], ["has a major", 2], ["a major vulnerability", 2], ["major vulnerability that", 2], ["could allow your", 2], ["allow your data", 2], ["your data to", 2], ["data to be", 2], ["to be taken", 2], ["be taken without", 2], [" 's edge browser", 2], ["'s edge browser has", 2], ["edge browser has a", 2], ["browser has a major", 2], ["has a major vulnerability", 2], ["a major vulnerability that", 2], ["major vulnerability that could", 2], ["vulnerability that could allow", 2], ["that could allow your", 2], ["could allow your data", 2], ["allow your data to", 2], ["your data to be", 2], ["data to be taken", 2], ["to be taken without", 2], ["? ddos", 2], ["rt @teamcymru", 2], ["@teamcymru :", 2], ["rt @teamcymru :", 2], ["zero-day rce", 2], ["the same", 2], ["same vulnerability", 2], ["the same vulnerability", 2], ["jscript .", 2], ["heap overflow", 2], ["jscript . dll", 2], ["integrated portal", 2]] -------------------------------------------------------------------------------- /utils/io.py: -------------------------------------------------------------------------------- 1 | 2 | 3 | import csv 4 | import json 5 | 6 | 7 | def readTXTFile(path, verbose=False): 8 | """ 9 | TODO: It is not the best way of reading txt files 10 | 11 | :param path: 12 | :param verbose: 13 | :return: 14 | """ 15 | with open(path, 'r') as f: 16 | data = f.readlines() 17 | if verbose: 18 | print("[I] file read complete with length", len(data)) 19 | return data 20 | 21 | 22 | def readJSONFile(path, verbose=False): 23 | 24 | with open(path, "r") as f: 25 | data = json.load(f) 26 | if verbose: 27 | print("[I] file read complete") 28 | return data 29 | 30 | 31 | def writeJSONFile(data, path, verbose=False): 32 | with open(path, "w") as f: 33 | json.dump(data, f) 34 | if verbose: 35 | print("[I] file written complete: " + path) 36 | 37 | 38 | def readTSVFile(path, verbose=False): 39 | 40 | with open(path, 'r') as f: 41 | data = [line.strip().split('\t') for line in f] 42 | if verbose: 43 | print("[I] file read complete with length", len(data)) 44 | return data 45 | 46 | def readJSONLine(path, verbose=False): 47 | 48 | input = readTXTFile(path) 49 | 50 | data = [] 51 | for each_line in input: 52 | each_line = each_line.strip() 53 | each_line = json.loads(each_line) 54 | data.append(each_line) 55 | if verbose: 56 | print("[I] file read complete") 57 | return data 58 | 59 | def writeJSONLine(path, data, verbose=False): 60 | 61 | with open(path, 'w') as f: 62 | for i in data: 63 | json.dump(i, f) 64 | f.write('\n') 65 | 66 | if verbose: 67 | print("[I] file written complete: " + path) -------------------------------------------------------------------------------- /utils/tagging_process.py: -------------------------------------------------------------------------------- 1 | 2 | def taggingSeperate(line): 3 | 4 | """ 5 | split tagging results into [token], [tags] format 6 | :param data: results from tagging tools 7 | :return: 8 | 9 | EXAMPLE 10 | 11 | Input: james/B-person ball/I-person |/O citigroup/O incorporated/O |/O email/O vice/O president/O of/O web/O application/O vulnerability/O analysis/O |/O @citigrou/O .../O https://t.co/gs20umuhr3/O 12 | Output: ['james', 'ball', '|', 'citigroup', 'incorporated', '|', 'email', 'vice', 'president', 'of', 'web', 'application', 'vulnerability', 'analysis', '|', '@citigrou', '...', 'https:t.cogs20umuhr3'], ['B-person', 'I-person', 'O', 'O', 'O', 'O', 'O', 'O', 'O', 'O', 'O', 'O', 'O', 'O', 'O', 'O', 'O', 'O'] 13 | 14 | """ 15 | 16 | tweet = [] 17 | tags = [] 18 | tweetData = line.strip().split(' ') 19 | for token in tweetData: 20 | splitData = token.split('/') 21 | datatweet = '' 22 | for i in range(0, len(splitData) - 1): 23 | datatweet += splitData[i] + '' 24 | tweet.append(datatweet) 25 | tags.append(splitData[-1]) 26 | return tweet, tags 27 | 28 | 29 | def getEntitySegClass(tweet, annot, lower=False, getIndices=True): 30 | 31 | """ 32 | get segments containing ENTITYs 33 | :param tweet: a specific tweet (NEED TO BE SPLITTED) 34 | :param annot: corresponding tags (NEED TO BE SPLITTED) 35 | :param lower: 36 | :param getIndices: 37 | :return: [segs] 38 | 39 | ATT: input should be a single tweet 40 | 41 | EXAMPLE 42 | 43 | Input: ['james', 'ball', '|', 'citigroup', 'incorporated', '|', 'email', 'vice', 'president', 'of', 'web', 'application', 'vulnerability', 'analysis', '|', '@citigrou', '...', 'https:t.cogs20umuhr3'], ['B-person', 'I-person', 'O', 'O', 'O', 'O', 'O', 'O', 'O', 'O', 'O', 'O', 'O', 'O', 'O', 'O', 'O', 'O'] 44 | Output: [('james ball', ((0, 2), 'B-person'))] 45 | 46 | """ 47 | 48 | start = None 49 | result = [] 50 | for i in range(len(tweet)): 51 | if "B-" in annot[i]: 52 | if start != None: 53 | if getIndices: 54 | if start != len(tweet): 55 | result.append((' '.join(tweet[start:i]), (start, i, annot[start]))) 56 | else: 57 | result.append((' '.join(tweet[start:i]), (start, i, annot[start]))) 58 | else: 59 | result.append(' '.join(tweet[start:i])) 60 | start = i 61 | elif annot[i] == 'O' and start != None: 62 | if getIndices: 63 | result.append((' '.join(tweet[start:i]), ((start, i), annot[start]))) 64 | else: 65 | result.append(' '.join(tweet[start:i])) 66 | start = None 67 | if start != None: 68 | if getIndices: 69 | result.append((' '.join(tweet[start:i + 1]), (start, i + 1, annot[start]))) 70 | else: 71 | result.append(' '.join(tweet[start:i + 1])) 72 | if lower: 73 | if getIndices: 74 | result = [(x[0].lower(), x[1]) for x in result] 75 | else: 76 | result = [(x.lower()) for x in result] 77 | return result 78 | 79 | 80 | def replaceEntityTarget(ent_tuple, tweet, tag): 81 | 82 | """ 83 | replace ENTITY with TARGET 84 | :param ent: target words needed to be replaced 85 | :param tweet: tweet tokens (NEED TO BE SPLITTED) 86 | :param tag: corresponding tags (NEED TO BE SPLITTED) 87 | :return: tweet (target words marked as TARGET), tag (target words marked as MOD) 88 | 89 | ATT: input should be a single tweet, and in ent_tuple, the location for entity should be identified 90 | 91 | EXAMPLE 92 | 93 | Input: ent_tuple = ('james ball', (0, 2)) 94 | Output: (['', '|', 'citigroup', 'incorporated', '|', 'email', 'vice', 'president', 'of', 'web', 'application', 'vulnerability', 'analysis', '|', '@citigrou', '...', 'https:t.cogs20umuhr3'], ['MOD', 'O', 'O', 'O', 'O', 'O', 'O', 'O', 'O', 'O', 'O', 'O', 'O', 'O', 'O', 'O', 'O']) 95 | 96 | """ 97 | 98 | def modTweetTargetEnt(tweet, ent, indices): 99 | start = indices[0] 100 | end = indices[1] 101 | assert ent == " ".join(tweet[start:end]) 102 | del tweet[start:end] 103 | tweet.insert(start, "") 104 | return tweet 105 | 106 | def modTweetTarTags(tags, indices): 107 | start = indices[0] 108 | end = indices[1] 109 | del tags[start:end] 110 | tags.insert(start, "MOD") 111 | return tags 112 | 113 | # replace ENTITY with TARGET 114 | ent = ent_tuple[0] 115 | loc = ent_tuple[1] 116 | 117 | tweet = modTweetTargetEnt(tweet, ent, loc) 118 | tag = modTweetTarTags(tag, loc) 119 | return tweet, tag --------------------------------------------------------------------------------