Joint Prediction of Multiple Vulnerability Characteristics Through Multi-Task Learning
2019 24th International Conference on Engineering of Complex Computer Systems (ICECCS) (2019)
Abstract
Software vulnerabilities seriously affect the security of computing systems and they are continuously disclosed and reported. When documenting software vulnerabilities, characterizing the severity, exploitability and impact of a vulnerability is critical for effective triaging and management of software vulnerabilities. Faced with an ever-growing number of new vulnerabilities, we observe a significant lag between the disclosure of a vulnerability and the specification of its characteristics. This lag calls for automated, reliable assessment of vulnerability characteristics to assist security analysts in allocating their limited efforts to the potentially most serious vulnerabilities. Existing automated techniques for vulnerability assessment require hand-crafted features and balanced data, and consider each specific characteristic independently at a time. In this paper, we propose a multi-task machine learning approach for the joint prediction of multiple vulnerability characteristics based on the vulnerability descriptions. Our approach gets rid of the requirement of balanced data, and it relies on neural networks that learn to extract features from training data. Using the large-scale vulnerability data in the Common Vulnerabilities and Exposures (CVE) database, we conduct extensive experiments to compare different configurations of neural network feature extractors, study the impact of multi-task learning versus independent-task learning, and investigate the performance of our approach for predicting the characteristics of newly disclosed vulnerabilities and the minimum requirement of historical vulnerability data for training a reliable prediction model.
Keywords
Vulnerability analysis, Multi-task learning, Feature representation learning