Automatic vulnerability classification using machine learning
- The classification of vulnerabilities is a fundamental step to derive formal attributes that allow a deeper analysis. Therefore, it is required that this classification has to be performed timely and accurate. Since the current situation demands a manual interaction in the classification process, the timely processing becomes a serious issue. Thus, we propose an automated alternative to the manual classification, because the amount of identified vulnerabilities per day cannot be processed manually anymore. We implemented two different approaches that are able to automatically classify vulnerabilities based on the vulnerability description. We evaluated our approaches, which use Neural Networks and the Naive Bayes methods respectively, on the base of publicly known vulnerabilities.
Author details: | Marian GawronORCiD, Feng ChengGND, Christoph MeinelORCiDGND |
---|---|
DOI: | https://doi.org/10.1007/978-3-319-76687-4_1 |
ISBN: | 978-3-319-76687-4 |
ISBN: | 978-3-319-76686-7 |
ISSN: | 0302-9743 |
ISSN: | 1611-3349 |
Title of parent work (English): | Risks and Security of Internet and Systems |
Publisher: | Springer |
Place of publishing: | Cham |
Publication type: | Other |
Language: | English |
Date of first publication: | 2018/02/24 |
Publication year: | 2018 |
Release date: | 2022/03/30 |
Tag: | Data mining Machine learning; Neural Networks; Security analytics; Vulnerability analysis |
Number of pages: | 15 |
First page: | 3 |
Last Page: | 17 |
Organizational units: | Digital Engineering Fakultät / Hasso-Plattner-Institut für Digital Engineering GmbH |
DDC classification: | 0 Informatik, Informationswissenschaft, allgemeine Werke / 00 Informatik, Wissen, Systeme / 000 Informatik, Informationswissenschaft, allgemeine Werke |
Peer review: | Referiert |