Litcius/Paper detail

An automatic vulnerability classification framework based on BiGRU-TextCNN

Mengyuan Pan, Po Wu, Yiwei Zou, Chong Ruan, Tao Zhang

2023Procedia Computer Science11 citationsDOIOpen Access PDF

Abstract

Common Vulnerabilities and Exposures (CVE) records known vulnerabilities and provides standardized descriptions. By utilizing Common Weakness Enumeration (CWE) to classify vulnerabilities, it can provide richer background knowledge and more detailed mitigation measures for the vulnerability. However, due to the negligence on manual classification and the evolution of vulnerabilities, the accuracy of vulnerabilities classification needs urgent improvement. Additionally, the large and ever-increasing number of vulnerabilities poses a huge challenge to the efficiency and accuracy of vulnerabilities manual classification. To address that, we propose a vulnerability classification framework based on BiGRU-TextCNN, which processes, trains, predicts to automatically classify vulnerabilities into weaknesses based on the description of vulnerability. To verify the performance and feasibility of the proposed framework, we first conducting comparison experiments on different text classification models, and then predicting the corresponding weakness with the description of vulnerability utilizing the proposed framework.

Topics & Concepts

Computer scienceVulnerability (computing)Vulnerability assessmentArtificial intelligenceData miningMachine learningComputer securityPsychological resiliencePsychotherapistPsychologySpam and Phishing DetectionWeb Application Security VulnerabilitiesAdvanced Malware Detection Techniques
An automatic vulnerability classification framework based on BiGRU-TextCNN | Litcius