A conceptual replication on predicting the severity of software vulnerabilities

Sefa Eren Sahin, Ayse Tosun

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, peer-reviewed

22 Citations (Scopus)

Abstract

Software vulnerabilities may lead to crucial security risks in software systems. Thus, prioritization of vulnerabilities is an important task for security teams, and assessing how severe the vulnerabilities are helps teams during fixing and maintenance activities. We replicated a prior work that aims to predict the severity of software vulnerabilities by grouping vulnerabilities into different severity levels. We follow their approach to feature extraction using word embeddings, and to the prediction model using Convolutional Neural Networks (CNNs). In addition, Long Short-Term Memory (LSTM) and Extreme Gradient Boosting (XGBoost) models are used. We also extend the replicated work by aiming to predict severity scores rather than severity levels. We carried out two experiments for predicting the severity levels and the severity scores of 82,974 vulnerabilities. On predicting the severity levels, our LSTM and CNN models perform similarly, with F1 scores of 0.756 and 0.752, respectively. On predicting the severity scores, the LSTM, CNN and XGBoost models achieve MAPE values of 16.14%, 17.03% and 18.91%, respectively.

Original language: English
Host publication title: Proceedings of EASE 2019 - Evaluation and Assessment in Software Engineering
Publisher: Association for Computing Machinery
Pages: 244-250
Number of pages: 7
ISBN (Electronic): 9781450371452
DOIs:
Publication status: Published - 15 Apr 2019
Event: 23rd Evaluation and Assessment in Software Engineering Conference, EASE 2019 - Copenhagen, Denmark
Duration: 14 Apr 2019 to 17 Apr 2019

Publication series

Name: ACM International Conference Proceeding Series

Conference

Conference: 23rd Evaluation and Assessment in Software Engineering Conference, EASE 2019
Country/Territory: Denmark
City: Copenhagen
Period: 14/04/19 to 17/04/19

Bibliographical note

Publisher Copyright:
© 2019 Association for Computing Machinery.
