Estimating vulnerability metrics with word embedding and multiclass classification methods

KEKÜL H., Ergen B., ARSLAN H.

International Journal of Information Security, cilt.23, sa.1, ss.247-270, 2024 (SCI-Expanded) identifier

  • Yayın Türü: Makale / Tam Makale
  • Cilt numarası: 23 Sayı: 1
  • Basım Tarihi: 2024
  • Doi Numarası: 10.1007/s10207-023-00734-7
  • Dergi Adı: International Journal of Information Security
  • Derginin Tarandığı İndeksler: Science Citation Index Expanded (SCI-EXPANDED), Scopus, Academic Search Premier, FRANCIS, ABI/INFORM, Applied Science & Technology Source, Business Source Elite, Business Source Premier, Compendex, Computer & Applied Sciences, Criminal Justice Abstracts, INSPEC
  • Sayfa Sayıları: ss.247-270
  • Anahtar Kelimeler: Information security, Multiclass classification, Software security, Software vulnerability, Text analysis
  • Sivas Cumhuriyet Üniversitesi Adresli: Evet

Özet

Cyber security has an increasing importance since the day when information technologies are an invariable part of modern human life. One of the fundamental areas of cyber security is the concept of software security. Security vulnerabilities in software are one of the main reasons for the exploitation of information systems. For this reason, it has been systematically reported, analyzed and classified for a long time, with a protocol established between the states and the stakeholders of the issue at the level. All these processes are carried out manually by humans today. This situation causes errors and delays caused by human nature. Therefore, the current study aims to help the experts and increase the accuracy of the analysis results by speeding up the processes. To achieve this goal, a model is proposed that uses technical explanations of security reports written in natural language. Our model basically proposes a method that uses word embedding approaches and multi-class classification algorithms from natural language processing techniques. In order to compare the proposed model more accurately, the NVD database, which is open to everyone and accepted as a reference, was chosen. In addition, previous studies in the literature and the model we propose were compared. In order for the results of the compared models to be analyzed more accurately, our model was trained with the data sets of the studies it was compared and the results were presented clearly. The proposed method showed estimation success in the range of 87.34–96.25% for CVSS 2.0 metrics, and in the range of 84–90% for CVSS 3.1. This study, in which different word embedding and classification algorithms are used together, is one of the limited studies on the latest version of the official scoring system used for classification of software security vulnerabilities. Moreover, it is the most comprehensive and original study in its field due to the size of the dataset it uses and the number of databases evaluated.