A Deep Learning Approach for Classifying Vulnerability Descriptions Using Self Attention Based Neural Network

Date

2021-10-08

Advisors

Journal Title

Journal ISSN

ISSN

1064-7570

Volume Title

Publisher

Springer

Type

Article

Peer reviewed

Yes

Abstract

Cyber threat intelligence (CTI) refers to essential knowledge used by organizations to prevent or mitigate against cyber attacks. Vulnerability databases such as CVE and NVD are crucial to cyber threat intelligence, but also provide information leveraged in hundreds of security products worldwide. However, previous studies have shown that these vulnerability databases sometimes contain errors and inconsistencies which have to be manually checked by security professionals. Such inconsistencies could threaten the integrity of security products and hamper attack mitigation efforts. Hence, to assist the security community with more accurate and time-saving validation of vulnerability data, we propose an automated vulnerability classification system based on deep learning. Our proposed system utilizes a self-attention deep neural network (SA-DNN) model and text mining approach to identify the vulnerability category from the description text contained within a report. The performance of the SA-DNN-based vulnerability classification system is evaluated using 134,091 vulnerability reports from the CVE details website. The experiments performed demonstrates the effectiveness of our approach, and shows that the SA-DNN model outperforms SVM and other deep learning methods i.e. CNN-LSTM and graph convolutional neural networks.

Description

The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.

Keywords

Cyber threat intelligence, Deep learning, Vulnerability classification, Graph convolutional neural network, Self attention neural network, Text mining, Common vulnerabilities and exposures, Latent Dirichlet Allocation

Citation

Vishnu, P.R., Vinod, P. and Yerima, S.Y. (2022) A Deep Learning Approach for Classifying Vulnerability Descriptions Using Self Attention Based Neural Network. Journal of Network and Systems Management, 30, 9.

Rights

Research Institute