Context-Aware Software Vulnerability Classification using Machine Learning
Authors:
- Grzegorz Siewruk
- Wojciech Mazurczyk
Abstract
Managing the vulnerabilities reported by a number of security scanning software is a tedious and time-consuming task, especially in large-scale, modern communication networks. Particular software vulnerabilities can have a range of impacts on an IT system depending on the context in which they were detected. Moreover, scanning software can report thousands of issues, which makes performing operations, such as analysis and prioritization, very costly from an organizational point of view. In this paper, we propose a context-aware software vulnerability classification system, Mixeway, that relies on machine learning to automatize the whole process. By training a model using known and analyzed vulnerabilities together with Natural Language Processing techniques to properly manage the information that the vulnerability description contains, we show that it is possible to predict the class that defines how severe the detected vulnerability is. The experimental results obtained on a real-life dataset collected by Mixeway for about 12 months from the infrastructure of one of the major mobile network operators in Poland prove that the proposed solution is useful and effective.
- Record ID
- WUTbc26992176f94cc3be37d3afcef754cc
- Journal series
- IEEE Access, ISSN 2169-3536
- Issue year
- 2021
- Vol
- 9
- Pages
- 1-16
- Keywords in English
- it security, devsecops, machine learning, classification, vulnerability classification
- DOI
- DOI:10.1109/access.2021.3075385
- URL
- https://ieeexplore.ieee.org/document/9411853
- Language
- eng (en) English
- File
- Context-Aware Software Vulnerability Classification using Machine Learning, File Context-Aware.pdf / 1 MB
- publication date: 12-05-2021
- Score (nominal)
- 100
- Score source
- journalList
- Score
- = 100.0, 05-05-2022, ArticleFromJournal
- Publication indicators
- = 2; = 0; = 2; : 2018 = 1.718; : 2020 (2 years) = 3.367 - 2020 (5 years) =3.671
- Citation count
- 2
- Uniform Resource Identifier
- https://repo.pw.edu.pl/info/article/WUTbc26992176f94cc3be37d3afcef754cc/
- URN
urn:pw-repo:WUTbc26992176f94cc3be37d3afcef754cc
* The presented citation count is obtained through Internet information analysis and is close to the number calculated by the Publish or Perish system.