Ahmed Abdirahman, Abdullahi and Osman Hashi, Abdirahman and Romo Rodriguez, Octavio Ernesto and Abdirahman Elmi, Mohamed (2024) Prediction of vulnerability severity using vulnerability description with natural language processing and deep learning. International Journal of Electrical and Computer Engineering (IJECE), 14 (4). p. 4551. ISSN 2088-8708
document.pdf - Submitted Version
Abstract
One of the most critical aspects of a piece of software is its vulnerabilities. Regardless of the years of experience, type of project, or the size of the team, it is impossible to avoid introducing vulnerabilities while developing or maintaining software. This aspect becomes crucial when the software is deployed in production or released to the final users. At that point, finding vulnerabilities becomes a race between the developers and malicious intruders: whoever finds a vulnerability first can either exploit it or fix it. Acknowledging this situation, using the tools and standards available in the field, such as common vulnerability exposures and common vulnerability scoring systems, and building on modern research, in this study we propose an approach different from the common practice of manual classification: using a 2-layer convolutional neural network (CNN) to automate the classification of vulnerabilities, speeding up this process and enabling developers to respond faster to vulnerabilities, producing safer software. The experimental results obtained in this study suggest that pre-trained word embeddings contributed to an increase in accuracy of approximately 2%, and the overall accuracy became 0.816%.
Item Type: | Article |
---|---|
Subjects: | T Technology > T Technology (General) |
Divisions: | Faculty of Computing > Department of Information Technology |
Depositing User: | Center for Research and Development SIMAD University |
Date Deposited: | 08 Aug 2024 11:06 |
Last Modified: | 08 Aug 2024 11:06 |
URI: | https://repository.simad.edu.so/id/eprint/295 |