Software Vulnerability Assessment Method Based on Concept Drift

Abstract: Vulnerability assessment methods based on natural language processing (NLP) suffer from concept drift: when previously unseen software vulnerabilities are assessed over time, new terms in their descriptions are not handled properly. To perform automatic software vulnerability assessment under concept drift using software vulnerability descriptions, a method that combines character and word features is proposed. The method is used to predict 7 vulnerability characteristics; the best model for each characteristic is selected from among NLP representations and machine learning models using time-based cross-validation. Experimental results show that the method effectively addresses concept drift: compared with the word-only method, accuracy and macro-averaged F1-score each improve by 1.7 percentage points and weighted F1-score improves by 1.3 percentage points, making it more competitive.
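The sketch below is an added illustration, not code from the paper. It shows why combining character and word features helps under a time-based split: a term that first appears after the training cutoff is invisible to a word vocabulary but still shares character n-grams with older text. The sample descriptions, the cutoff year and the 3-to-5 n-gram range are constructed assumptions.

```python
from collections import Counter

# Constructed sample data (not from the paper): (year, description) pairs.
DESCRIPTIONS = [
    (2014, "buffer overflow in the parser allows remote code execution"),
    (2015, "sql injection in login form allows remote attackers to read data"),
    (2016, "cross-site scripting in search page allows script injection"),
    (2019, "deserialization flaw in the parser allows remote code execution"),
]

def word_tokens(text):
    return text.lower().split()

def char_ngrams(text, n_min=3, n_max=5):
    """Character n-grams inside each word, with < and > as boundary markers."""
    grams = []
    for word in word_tokens(text):
        padded = f"<{word}>"
        for n in range(n_min, n_max + 1):
            grams.extend(padded[i:i + n] for i in range(len(padded) - n + 1))
    return grams

def time_based_split(records, cutoff_year):
    """Train only on the past, test only on the future (no random shuffling)."""
    train = [d for y, d in records if y < cutoff_year]
    test = [d for y, d in records if y >= cutoff_year]
    return train, test

def fit_vocabulary(texts, tokenizer):
    tokens = sorted({tok for t in texts for tok in tokenizer(t)})
    return {tok: i for i, tok in enumerate(tokens)}

def vectorize(text, vocab, tokenizer):
    """Count vector over a fixed vocabulary; out-of-vocabulary tokens are dropped."""
    vec = [0] * len(vocab)
    for tok, count in Counter(tokenizer(text)).items():
        if tok in vocab:
            vec[vocab[tok]] = count
    return vec

def combined_features(text, word_vocab, char_vocab):
    """Concatenate word-level and character-level count vectors."""
    return (vectorize(text, word_vocab, word_tokens)
            + vectorize(text, char_vocab, char_ngrams))

def coverage(term, vocab, tokenizer):
    """Fraction of the term's tokens that the training vocabulary can represent."""
    toks = tokenizer(term)
    return sum(t in vocab for t in toks) / len(toks)

if __name__ == "__main__":
    train, test = time_based_split(DESCRIPTIONS, cutoff_year=2017)
    word_vocab = fit_vocabulary(train, word_tokens)
    char_vocab = fit_vocabulary(train, char_ngrams)
    print("word coverage:", coverage("deserialization", word_vocab, word_tokens))
    print("char coverage:", coverage("deserialization", char_vocab, char_ngrams))
```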

     
