Predicting Vulnerability Type in Common Vulnerabilities and Exposures (CVE) Database with Machine Learning Classifiers

Predicting Vulnerability Type in Common Vulnerabilities and Exposures (CVE) Database with Machine Learning Classifiers

연구 분야: Strategies

학회: 2021 12th National Conference with International Participation (ELECTRONICA)

Vulnerability type is not part of the standard CVE scheme so the ability to determine it only on the basis of text description would be a very useful for automated vulnerability handling. The growing number of hardware and software vulnerabilities discovered every year makes it more difficult for manual classification of the vulnerabilities types. This justifies the need for automatic machine learning classification. In this study we research the performance of base ML classifier algorithms, such as Linear Support Vector Classification, Naive Bayes, and Random Forest Classifier. To measure the performance of our classifiers, we use precision, recall, and f1-score evaluation metrics. Previous studies have focused on machine learning methods predicting platform vendor and products, vulnerability scoring, software vulnerabilities exploitation. Our study aims to show that machine learning is suitable for automated vulnerability type classification.