The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. ex. Some numerals are expressed as "XNUMX".
Copyrights notice
The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. Copyrights notice
Os administradores de sistemas e responsáveis pela segurança de uma organização precisam lidar com ativos de TI vulneráveis, especialmente aqueles com vulnerabilidades graves, para minimizar o risco de exploração dessas vulnerabilidades. O Common Vulnerability Scoring System (CVSS) pode ser usado como um meio para calcular a pontuação de gravidade das vulnerabilidades, mas atualmente exige que operadores humanos escolham os valores de entrada. Uma Rede Neural Convolucional (CNN) em nível de palavra foi proposta para estimar os parâmetros de entrada do CVSS e derivar a pontuação de gravidade das notas de vulnerabilidade, mas sua precisão precisa ser melhorada ainda mais. Neste artigo, propomos uma CNN em nível de personagem para estimar as pontuações de gravidade. Experimentos mostram que o esquema proposto supera o convencional em termos de precisão e como os erros ocorrem.
Shunta NAKAGAWA
Kobe University
Tatsuya NAGAI
Kobe University
Hideaki KANEHARA
National Institute of Information and Communications Technology
Keisuke FURUMOTO
National Institute of Information and Communications Technology
Makoto TAKITA
Kobe University
Yoshiaki SHIRAISHI
Kobe University
Takeshi TAKAHASHI
National Institute of Information and Communications Technology
Masami MOHRI
Gifu University
Yasuhiro TAKANO
Kobe University
Masakatu MORII
Kobe University
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Copiar
Shunta NAKAGAWA, Tatsuya NAGAI, Hideaki KANEHARA, Keisuke FURUMOTO, Makoto TAKITA, Yoshiaki SHIRAISHI, Takeshi TAKAHASHI, Masami MOHRI, Yasuhiro TAKANO, Masakatu MORII, "Character-Level Convolutional Neural Network for Predicting Severity of Software Vulnerability from Vulnerability Description" in IEICE TRANSACTIONS on Information,
vol. E102-D, no. 9, pp. 1679-1682, September 2019, doi: 10.1587/transinf.2018OFL0006.
Abstract: System administrators and security officials of an organization need to deal with vulnerable IT assets, especially those with severe vulnerabilities, to minimize the risk of these vulnerabilities being exploited. The Common Vulnerability Scoring System (CVSS) can be used as a means to calculate the severity score of vulnerabilities, but it currently requires human operators to choose input values. A word-level Convolutional Neural Network (CNN) has been proposed to estimate the input parameters of CVSS and derive the severity score of vulnerability notes, but its accuracy needs to be improved further. In this paper, we propose a character-level CNN for estimating the severity scores. Experiments show that the proposed scheme outperforms conventional one in terms of accuracy and how errors occur.
URL: https://global.ieice.org/en_transactions/information/10.1587/transinf.2018OFL0006/_p
Copiar
@ARTICLE{e102-d_9_1679,
author={Shunta NAKAGAWA, Tatsuya NAGAI, Hideaki KANEHARA, Keisuke FURUMOTO, Makoto TAKITA, Yoshiaki SHIRAISHI, Takeshi TAKAHASHI, Masami MOHRI, Yasuhiro TAKANO, Masakatu MORII, },
journal={IEICE TRANSACTIONS on Information},
title={Character-Level Convolutional Neural Network for Predicting Severity of Software Vulnerability from Vulnerability Description},
year={2019},
volume={E102-D},
number={9},
pages={1679-1682},
abstract={System administrators and security officials of an organization need to deal with vulnerable IT assets, especially those with severe vulnerabilities, to minimize the risk of these vulnerabilities being exploited. The Common Vulnerability Scoring System (CVSS) can be used as a means to calculate the severity score of vulnerabilities, but it currently requires human operators to choose input values. A word-level Convolutional Neural Network (CNN) has been proposed to estimate the input parameters of CVSS and derive the severity score of vulnerability notes, but its accuracy needs to be improved further. In this paper, we propose a character-level CNN for estimating the severity scores. Experiments show that the proposed scheme outperforms conventional one in terms of accuracy and how errors occur.},
keywords={},
doi={10.1587/transinf.2018OFL0006},
ISSN={1745-1361},
month={September},}
Copiar
TY - JOUR
TI - Character-Level Convolutional Neural Network for Predicting Severity of Software Vulnerability from Vulnerability Description
T2 - IEICE TRANSACTIONS on Information
SP - 1679
EP - 1682
AU - Shunta NAKAGAWA
AU - Tatsuya NAGAI
AU - Hideaki KANEHARA
AU - Keisuke FURUMOTO
AU - Makoto TAKITA
AU - Yoshiaki SHIRAISHI
AU - Takeshi TAKAHASHI
AU - Masami MOHRI
AU - Yasuhiro TAKANO
AU - Masakatu MORII
PY - 2019
DO - 10.1587/transinf.2018OFL0006
JO - IEICE TRANSACTIONS on Information
SN - 1745-1361
VL - E102-D
IS - 9
JA - IEICE TRANSACTIONS on Information
Y1 - September 2019
AB - System administrators and security officials of an organization need to deal with vulnerable IT assets, especially those with severe vulnerabilities, to minimize the risk of these vulnerabilities being exploited. The Common Vulnerability Scoring System (CVSS) can be used as a means to calculate the severity score of vulnerabilities, but it currently requires human operators to choose input values. A word-level Convolutional Neural Network (CNN) has been proposed to estimate the input parameters of CVSS and derive the severity score of vulnerability notes, but its accuracy needs to be improved further. In this paper, we propose a character-level CNN for estimating the severity scores. Experiments show that the proposed scheme outperforms conventional one in terms of accuracy and how errors occur.
ER -