查看文章

Vulnerability reports play an important role in cybersecurity. Mitigation of software vulnerabilities that can be exploited by attackers depends on disclosure of vulnerabilities. Information on vulnerability types or identifiers facilitates automation of vulnerability management, statistical analysis of vulnerability trends, and secure software development. Labeling of reports with vulnerability identifiers has thus far been per-formed manually and has therefore suffered from human-induced errors and scalability issues due to the shortage of security experts. In this paper, we propose a scheme that automatically classifies each vulnerability description by type using machine learning. We experimentally demonstrated the performance of our proposed scheme compared to other algorithms, analyzed cases of misclassification, and revealed the potential for numerous human errors. We experimentally demonstrated the …