Automated CPE Labeling of CVE Summaries with Machine Learning
Main authors: | Wåreus, Emil; Hell, Martin |
---|---|
Format: | Online Article Text |
Language: | English |
Published: | 2020 |
Subjects: | Article |
Online access: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7338193/ http://dx.doi.org/10.1007/978-3-030-52683-2_1 |
_version_ | 1783554632371404800 |
---|---|
author | Wåreus, Emil; Hell, Martin |
author_facet | Wåreus, Emil; Hell, Martin |
author_sort | Wåreus, Emil |
collection | PubMed |
description | Open Source Security and Dependency Vulnerability Management (DVM) has become a more vital part of the software security stack in recent years, as modern software tends to be more dependent on open source libraries. The largest open source of vulnerabilities is the National Vulnerability Database (NVD), which supplies developers with machine-readable vulnerabilities. However, sometimes Common Vulnerabilities and Exposures (CVE) entries have not been labeled with a Common Platform Enumeration (CPE) vendor, product and version. This makes it very hard to automatically discover these vulnerabilities from import statements in dependency files. We therefore propose an automatic process of matching CVE summaries with CPEs through the machine learning task called Named Entity Recognition (NER). Our proposed model achieves an F-measure of 0.86 with a precision of 0.857 and a recall of 0.865, outperforming previous research for automated CPE labeling of CVEs. |
format | Online Article Text |
id | pubmed-7338193 |
institution | National Center for Biotechnology Information |
language | English |
publishDate | 2020 |
record_format | MEDLINE/PubMed |
spelling | pubmed-73381932020-07-07 Automated CPE Labeling of CVE Summaries with Machine Learning Wåreus, Emil; Hell, Martin. Detection of Intrusions and Malware, and Vulnerability Assessment. Article. Open Source Security and Dependency Vulnerability Management (DVM) has become a more vital part of the software security stack in recent years, as modern software tends to be more dependent on open source libraries. The largest open source of vulnerabilities is the National Vulnerability Database (NVD), which supplies developers with machine-readable vulnerabilities. However, sometimes Common Vulnerabilities and Exposures (CVE) entries have not been labeled with a Common Platform Enumeration (CPE) vendor, product and version. This makes it very hard to automatically discover these vulnerabilities from import statements in dependency files. We therefore propose an automatic process of matching CVE summaries with CPEs through the machine learning task called Named Entity Recognition (NER). Our proposed model achieves an F-measure of 0.86 with a precision of 0.857 and a recall of 0.865, outperforming previous research for automated CPE labeling of CVEs. 2020-06-11 /pmc/articles/PMC7338193/ http://dx.doi.org/10.1007/978-3-030-52683-2_1 Text en © Springer Nature Switzerland AG 2020. This article is made available via the PMC Open Access Subset for unrestricted research re-use and secondary analysis in any form or by any means with acknowledgement of the original source. These permissions are granted for the duration of the World Health Organization (WHO) declaration of COVID-19 as a global pandemic. |
spellingShingle | Article Wåreus, Emil Hell, Martin Automated CPE Labeling of CVE Summaries with Machine Learning |
title | Automated CPE Labeling of CVE Summaries with Machine Learning |
title_full | Automated CPE Labeling of CVE Summaries with Machine Learning |
title_fullStr | Automated CPE Labeling of CVE Summaries with Machine Learning |
title_full_unstemmed | Automated CPE Labeling of CVE Summaries with Machine Learning |
title_short | Automated CPE Labeling of CVE Summaries with Machine Learning |
title_sort | automated cpe labeling of cve summaries with machine learning |
topic | Article |
url | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7338193/ http://dx.doi.org/10.1007/978-3-030-52683-2_1 |
work_keys_str_mv | AT wareusemil automatedcpelabelingofcvesummarieswithmachinelearning AT hellmartin automatedcpelabelingofcvesummarieswithmachinelearning |
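The matching problem the abstract describes, as an added example (this is not code from the paper and not NVD tooling): parse CPE 2.3 names from NVD-style cpe_match entries, apply their version bounds to the pinned dependencies of a requirements file, and show that a CVE with no CPE assigned stays invisible to this matching even though its summary names the product and version, which is the gap the paper's NER approach targets. The package names, CVE ids and records are constructed for illustration; the helper names are assumptions of this example; the record field names (cpe23Uri, versionStartIncluding, versionEndExcluding, vulnerable) follow the NVD JSON feed layout.

```python
"""Matching pinned dependencies against NVD-style CPE data (added example).

Not the paper's code. The CVE records below are constructed, not real NVD
entries; field names follow the NVD JSON feed layout.
"""
from __future__ import annotations
from dataclasses import dataclass

@dataclass(frozen=True)
class Cpe:
    part: str     # 'a' application, 'o' operating system, 'h' hardware
    vendor: str
    product: str
    version: str  # '*' is ANY in CPE 2.3, '-' is NA

def parse_cpe23(s: str) -> Cpe:
    """Parse a CPE 2.3 formatted string with 13 colon-separated fields:
    cpe:2.3:part:vendor:product:version:update:edition:lang:sw_ed:target_sw:target_hw:other
    A backslash escapes the next character, so an escaped colon does not split a field."""
    fields, cur, i = [], [], 0
    while i < len(s):
        ch = s[i]
        if ch == "\\" and i + 1 < len(s):
            cur.append(s[i + 1])
            i += 2
            continue
        if ch == ":":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    fields.append("".join(cur))
    if len(fields) != 13 or fields[0] != "cpe" or fields[1] != "2.3":
        raise ValueError(f"not a CPE 2.3 formatted string: {s!r}")
    return Cpe(fields[2], fields[3], fields[4], fields[5])

def version_key(v: str) -> tuple:
    # sortable key for dotted versions; numeric parts compare before text parts
    return tuple((0, int(p)) if p.isdigit() else (1, p) for p in v.split("."))

def normalize(name: str) -> str:
    """Package and CPE product names differ in case and separators; fold both."""
    return name.lower().replace("-", "_")

def cpe_match_hits(product: str, version: str, m: dict) -> bool:
    """Apply one cpe_match entry (cpe23Uri plus optional version bounds) to a dependency."""
    cpe = parse_cpe23(m["cpe23Uri"])
    if cpe.part != "a" or normalize(cpe.product) != normalize(product):
        return False
    v = version_key(version)
    if cpe.version != "*" and version_key(cpe.version) != v:
        return False  # exact version in the CPE name (or NA) did not match
    if "versionStartIncluding" in m and v < version_key(m["versionStartIncluding"]):
        return False
    if "versionEndExcluding" in m and v >= version_key(m["versionEndExcluding"]):
        return False
    return True

def parse_requirements(text: str) -> list[tuple[str, str]]:
    """Minimal parser for pinned 'name==version' lines of a pip requirements file."""
    deps = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "==" in line:
            name, ver = line.split("==", 1)
            deps.append((name.strip(), ver.strip()))
    return deps

def find_vulnerable(deps: list[tuple[str, str]], cves: list[dict]) -> dict[str, list[str]]:
    """Map each pinned dependency to the ids of CVEs whose CPE data covers it."""
    return {f"{p}=={v}": [c["id"] for c in cves
                          if any(m.get("vulnerable", True) and cpe_match_hits(p, v, m)
                                 for m in c["cpe_match"])]
            for p, v in deps}

def f_measure(precision: float, recall: float) -> float:
    """Harmonic mean of precision and recall (the F-measure quoted in the abstract)."""
    return 2 * precision * recall / (precision + recall)

# Constructed sample input: fictional packages and fictional CVE records.
REQUIREMENTS = "# pinned\nacmehttp==2.19.0\nwidgetparser==5.4.1\n"
CVES = [
    {"id": "CVE-example-1",  # labeled: the affected range lives in cpe_match
     "summary": "acmehttp before 2.20.0 allows remote denial of service.",
     "cpe_match": [{"vulnerable": True,
                    "cpe23Uri": "cpe:2.3:a:acme:acmehttp:*:*:*:*:*:*:*:*",
                    "versionEndExcluding": "2.20.0"}]},
    {"id": "CVE-example-2",  # unlabeled: product and version appear only in the summary
     "summary": "widgetparser 5.4.1 and earlier allows remote denial of service.",
     "cpe_match": []},
]

def run() -> dict[str, list[str]]:
    return find_vulnerable(parse_requirements(REQUIREMENTS), CVES)

if __name__ == "__main__":
    for dep, ids in run().items():
        print(dep, "->", ids or "nothing: the matching CVE carries no CPE")
    print("F-measure from reported P/R:", round(f_measure(0.857, 0.865), 3))
```

Running it flags acmehttp==2.19.0 via the labeled record and reports nothing for widgetparser==5.4.1, although its summary states the product and version plainly: without a CPE (or a model that extracts one from the summary, as the paper proposes) the dependency file cannot be checked against that entry. The normalize step is a placeholder for the vendor/ecosystem mapping a real DVM tool needs, since package names and CPE vendor/product pairs rarely agree verbatim; f_measure reproduces the abstract's 0.86 from the reported precision and recall.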