Multi-label Positive and Unlabeled Learning and its Application to Common Vulnerabilities and Exposure Categorization

Masaki Aota, Tao Ban, Takeshi Takahashi, Noboru Murata

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

The widely adopted Common Weakness Enumeration (CWE), which stores and manages software and hardware vulnerability reports known as Common Vulnerabilities and Exposures (CVE) in a hierarchical structure, provides common baseline standard for weakness identification, mitigation, and prevention efforts. In this paper, we propose a machine-learning based method to assign pertinent CWE identifiers to new CVE entries. The proposed method formulates the task as a multi-label classification problem and exploits positive and unlabeled learning to address the lack of multi-labelled samples in learning. In evaluations, the proposed method demonstrated preferable performance compared to traditional multi-label classifiers. In particular, case studies demonstrated that multiple CWE iden-tifiers assigned to CVE entries carry essential information that can benefit security practices.

Original languageEnglish
Title of host publicationProceedings - 2021 IEEE 20th International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2021
EditorsLiang Zhao, Neeraj Kumar, Robert C. Hsu, Deqing Zou
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages988-996
Number of pages9
ISBN (Electronic)9781665416580
DOIs
Publication statusPublished - 2021
Event20th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2021 - Shenyang, China
Duration: 2021 Oct 202021 Oct 22

Publication series

NameProceedings - 2021 IEEE 20th International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2021

Conference

Conference20th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2021
Country/TerritoryChina
CityShenyang
Period21/10/2021/10/22

Keywords

  • CVE
  • CWE
  • machine learning
  • multi-label classification
  • positive and unlabeled learning

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Information Systems
  • Information Systems and Management
  • Safety, Risk, Reliability and Quality

Fingerprint

Dive into the research topics of 'Multi-label Positive and Unlabeled Learning and its Application to Common Vulnerabilities and Exposure Categorization'. Together they form a unique fingerprint.

Cite this