2021 IEEE International Conference on Cyber Security and Resilience

Full Program

Summary:

Software vulnerabilities have become a major problem for security analysts, since the number of new vulnerabilities is constantly growing. Thus, there was a need for a categorization system to group and handle these vulnerabilities more efficiently. Hence, the MITRE Corporation introduced the Common Weakness Enumeration (CWE), a list of the most common software and hardware vulnerabilities. However, the manual task of understanding and analyzing new vulnerabilities by security experts is a very slow and exhausting process. For this reason, a new automated CWE classification methodology is introduced in this paper, based on the textual descriptions of vulnerabilities from the National Vulnerability Database. The proposed methodology combines textual analysis and tree-based machine learning techniques in order to classify vulnerabilities automatically. The results of the experiments showed that the proposed methodology performed well, achieving an overall accuracy close to 80%.

Author(s):

Georgios Aivatoglou    
CERTH-ITI
Greece

Mike Anastasiadis    
CERTH-ITI
Greece

Georgios Spanos    
CERTH-ITI
Greece

Antonis Voulgaridis    
CERTH-ITI
Greece

Konstantinos Votis    
CERTH-ITI
Greece

Dimitrios Tzovaras    
CERTH-ITI
Greece

 


Copyright © 2021 SUMMIT-TEC GROUP LTD