Combining text analysis techniques with unsupervised machine learning methodologies for improved software vulnerability management

Cited by: 1
Authors
Anastasiadis, Mike [1]
Aivatoglou, Georgios [1]
Spanos, Georgios [1]
Voulgaridis, Antonis [1]
Votis, Konstantinos [1]
Affiliations
[1] Ctr Res & Technol Hellas, Informat Technol Inst, Thessaloniki, Greece
Source
2022 IEEE INTERNATIONAL CONFERENCE ON CYBER SECURITY AND RESILIENCE (IEEE CSR) | 2022
Funding
EU Horizon 2020;
Keywords
Software Vulnerability categorization; Cybersecurity; Machine Learning; Clustering;
DOI
10.1109/CSR54599.2022.9850314
Chinese Library Classification number
TP301 [Theory, methods];
Discipline classification code
081202;
Abstract
Software vulnerability management constitutes a prominent research area for security analysts and researchers. One of the main pillars of software vulnerability management is the grouping of vulnerabilities that have similar characteristics in order for security analysts to organize prevention and mitigation actions more efficiently. For this reason, the proposed research study suggests an automated vulnerability grouping from technical descriptions based on unsupervised machine learning techniques such as Latent Dirichlet Allocation and K-means along with text analysis techniques. The results of the aforementioned methodology in a large vulnerability dataset (over 100.000 vulnerabilities) confirmed that this vulnerability clustering from the corresponding descriptions could assist in software vulnerability group homogeneity and in the simplicity of the vulnerability management procedures.
Pages: 273 / 278
Page count: 6