Automatic vulnerability classification using machine learning
- The classification of vulnerabilities is a fundamental step to derive formal attributes that allow a deeper analysis. Therefore, it is required that this classification has to be performed timely and accurate. Since the current situation demands a manual interaction in the classification process, the timely processing becomes a serious issue. Thus, we propose an automated alternative to the manual classification, because the amount of identified vulnerabilities per day cannot be processed manually anymore. We implemented two different approaches that are able to automatically classify vulnerabilities based on the vulnerability description. We evaluated our approaches, which use Neural Networks and the Naive Bayes methods respectively, on the base of publicly known vulnerabilities.
| Verfasserangaben: | Marian GawronORCiD, Feng ChengGND, Christoph MeinelORCiDGND |
|---|---|
| DOI: | https://doi.org/10.1007/978-3-319-76687-4_1 |
| ISBN: | 978-3-319-76687-4 |
| ISBN: | 978-3-319-76686-7 |
| ISSN: | 0302-9743 |
| ISSN: | 1611-3349 |
| Titel des übergeordneten Werks (Englisch): | Risks and Security of Internet and Systems |
| Verlag: | Springer |
| Verlagsort: | Cham |
| Publikationstyp: | Sonstiges |
| Sprache: | Englisch |
| Datum der Erstveröffentlichung: | 24.02.2018 |
| Erscheinungsjahr: | 2018 |
| Datum der Freischaltung: | 30.03.2022 |
| Freies Schlagwort / Tag: | Data mining Machine learning; Neural Networks; Security analytics; Vulnerability analysis |
| Seitenanzahl: | 15 |
| Erste Seite: | 3 |
| Letzte Seite: | 17 |
| Organisationseinheiten: | Digital Engineering Fakultät / Hasso-Plattner-Institut für Digital Engineering GmbH |
| DDC-Klassifikation: | 0 Informatik, Informationswissenschaft, allgemeine Werke / 00 Informatik, Wissen, Systeme / 000 Informatik, Informationswissenschaft, allgemeine Werke |
| Peer Review: | Referiert |
