Automated Labeling of Entities in CVE Vulnerability Descriptions with Natural Language Processing
-
- SUMOTO Kensuke
- Waseda University
-
- KANAKOGI Kenta
- Waseda University
-
- WASHIZAKI Hironori
- Waseda University
-
- TSUDA Naohiko
- Waseda University
-
- YOSHIOKA Nobukazu
- Waseda University
-
- FUKAZAWA Yoshiaki
- Waseda University
-
- KANUKA Hideyuki
- Hitachi, Ltd.
抄録
<p>Security-related issues have become more significant due to the proliferation of IT. Collating security-related information in a database improves security. For example, Common Vulnerabilities and Exposures (CVE) is a security knowledge repository containing descriptions of vulnerabilities about software or source code. Although the descriptions include various entities, there is not a uniform entity structure, making security analysis difficult using individual entities. Developing a consistent entity structure will enhance the security field. Herein we propose a method to automatically label select entities from CVE descriptions by applying the Named Entity Recognition (NER) technique. We manually labeled 3287 CVE descriptions and conducted experiments using a machine learning model called BERT to compare the proposed method to labeling with regular expressions. Machine learning using the proposed method significantly improves the labeling accuracy. It has an f1 score of about 0.93, precision of about 0.91, and recall of about 0.95, demonstrating that our method has potential to automatically label select entities from CVE descriptions.</p>
収録刊行物
-
- IEICE Transactions on Information and Systems
-
IEICE Transactions on Information and Systems E107.D (5), 674-682, 2024-05-01
一般社団法人 電子情報通信学会
- Tweet
キーワード
詳細情報 詳細情報について
-
- CRID
- 1390299993933127680
-
- ISSN
- 17451361
- 09168532
-
- 本文言語コード
- en
-
- データソース種別
-
- JaLC
- Crossref
-
- 抄録ライセンスフラグ
- 使用不可