Litcius/Paper detail

A Machine Learning Approach to Classify Security Patches into Vulnerability Types

Xinda Wang, Shu Wang, Kun Sun, Archer L. Batcheller, Sushil Jajodia

202029 citationsDOI

Abstract

With the increasing usage of open source software (OSS) in both free and proprietary applications, vulnerabilities embedded in OSS are also propagated to the underlying applications. It is critical to find security patches to fix these vulnerabilities, especially those essential to reduce security risk. Unfortunately, given a security patch, currently there does not exist a way to automatically recognize the vulnerability that is fixed. In this paper, we first conduct an empirical study on security patches by type (i.e., corresponding vulnerability type), using a large-scale dataset collected from the National Vulnerability Database (NVD). Based on analysis results, we develop a machine learning-based system to help identify the vulnerability type of a given security patch. The evaluation results show that our system achieves good performance.

Topics & Concepts

Vulnerability (computing)Computer scienceVulnerability managementVulnerability assessmentSoftware security assuranceComputer securitySecure codingSoftwareScale (ratio)Artificial intelligenceMachine learningInformation securitySecurity serviceCartographyGeographyOperating systemPsychotherapistPsychologyPsychological resilienceSoftware Engineering ResearchAdvanced Malware Detection TechniquesSoftware Reliability and Analysis Research