Litcius/Paper detail

Predicting Vulnerability Type in Common Vulnerabilities and Exposures (CVE) Database with Machine Learning Classifiers

Veneta Yosifova, Antoniya Tasheva, Roumen Trifonov

202136 citationsDOI

Abstract

Vulnerability type is not part of the standard CVE scheme so the ability to determine it only on the basis of text description would be a very useful for automated vulnerability handling. The growing number of hardware and software vulnerabilities discovered every year makes it more difficult for manual classification of the vulnerabilities types. This justifies the need for automatic machine learning classification. In this study we research the performance of base ML classifier algorithms, such as Linear Support Vector Classification, Naive Bayes, and Random Forest Classifier. To measure the performance of our classifiers, we use precision, recall, and f1-score evaluation metrics. Previous studies have focused on machine learning methods predicting platform vendor and products, vulnerability scoring, software vulnerabilities exploitation. Our study aims to show that machine learning is suitable for automated vulnerability type classification.

Topics & Concepts

Computer scienceMachine learningArtificial intelligenceNaive Bayes classifierSupport vector machineClassifier (UML)Random forestVulnerability (computing)AdaBoostSoftwareStatistical classificationData miningComputer securityProgramming languageSpam and Phishing DetectionAdvanced Malware Detection TechniquesWeb Application Security Vulnerabilities
Predicting Vulnerability Type in Common Vulnerabilities and Exposures (CVE) Database with Machine Learning Classifiers | Litcius