Özet
Software vulnerabilities may lead to crucial security risks in software systems. Thus, prioritization of the vulnerabilities is an important task for security teams, and assessing how severe the vulnerabilities are would help teams during fixing and maintenance activities. We replicated a prior work which aims to predict the severity of software vulnerabilities by grouping vulnerabilities into different severity levels. We follow their approach on feature extraction using word embeddings, and on prediction model using Convolutional Neural Networks (CNNs). In addition, Long Short Term Memory (LSTM) and Extreme Gradient Boosting (XGBoost) models are used. We also extend the replicated work by aiming to predict severity scores rather than levels. We carried out two experiments for predicting severity levels and severity scores of 82,974 vulnerabilities. On predicting the severity levels, our LSTM and CNN models perform similarly with an F1 score of 0.756 F1 score and 0.752, respectively. On predicting the severity scores, LSTM, CNN and XGBoost models perform 16.14%, 17.03%, 18.91% MAPE values, respectively.
Orijinal dil | İngilizce |
---|---|
Ana bilgisayar yayını başlığı | Proceedings of EASE 2019 - Evaluation and Assessment in Software Engineering |
Yayınlayan | Association for Computing Machinery |
Sayfalar | 244-250 |
Sayfa sayısı | 7 |
ISBN (Elektronik) | 9781450371452 |
DOI'lar | |
Yayın durumu | Yayınlandı - 15 Nis 2019 |
Etkinlik | 23rd Evaluation and Assessment in Software Engineering Conference, EASE 2019 - Copenhagen, Denmark Süre: 14 Nis 2019 → 17 Nis 2019 |
Yayın serisi
Adı | ACM International Conference Proceeding Series |
---|
???event.eventtypes.event.conference???
???event.eventtypes.event.conference??? | 23rd Evaluation and Assessment in Software Engineering Conference, EASE 2019 |
---|---|
Ülke/Bölge | Denmark |
Şehir | Copenhagen |
Periyot | 14/04/19 → 17/04/19 |
Bibliyografik not
Publisher Copyright:© 2019 Association for Computing Machinery.