Automation of Vulnerability Classification from its Description using Machine Learning

Masaki Aota, Hideaki Kanehara, Masaki Kubo, Noboru Murata, Bo Sun, Takeshi Takahashi

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Vulnerability reports play an important role in cybersecurity. Mitigation of software vulnerabilities that can be exploited by attackers depends on disclosure of vulnerabilities. Information on vulnerability types or identifiers facilitates automation of vulnerability management, statistical analysis of vulnerability trends, and secure software development. Labeling of reports with vulnerability identifiers has thus far been per-formed manually and has therefore suffered from human-induced errors and scalability issues due to the shortage of security experts. In this paper, we propose a scheme that automatically classifies each vulnerability description by type using machine learning. We experimentally demonstrated the performance of our proposed scheme compared to other algorithms, analyzed cases of misclassification, and revealed the potential for numerous human errors. We experimentally demonstrated the performance of the proposed scheme in comparison with other algorithms, analyzed cases of misclassification, and revealed the potential for numerous human errors. Furthermore, we tried to correct these errors.

Original languageEnglish
Title of host publication2020 IEEE Symposium on Computers and Communications, ISCC 2020
PublisherInstitute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)9781728180861
DOIs
Publication statusPublished - 2020 Jul
Event2020 IEEE Symposium on Computers and Communications, ISCC 2020 - Rennes, France
Duration: 2020 Jul 72020 Jul 10

Publication series

NameProceedings - IEEE Symposium on Computers and Communications
Volume2020-July
ISSN (Print)1530-1346

Conference

Conference2020 IEEE Symposium on Computers and Communications, ISCC 2020
CountryFrance
CityRennes
Period20/7/720/7/10

Keywords

  • machine-learning
  • security advisory
  • security automation
  • vulnerability
  • vulnerability type

ASJC Scopus subject areas

  • Software
  • Signal Processing
  • Mathematics(all)
  • Computer Science Applications
  • Computer Networks and Communications

Fingerprint Dive into the research topics of 'Automation of Vulnerability Classification from its Description using Machine Learning'. Together they form a unique fingerprint.

Cite this