As the field of computer science has advanced over the years, there has been a tremendous increase in the software being created, and this increase has been accompanied by an increase in the number of software vulnerabilities. A software vulnerability is a security flaw found in software that can potentially be exploited by attackers to perform cyber attacks. Since automatic approaches for identifying and analyzing vulnerabilities have become a trending topic in research, community, the classification of vulnerability is still an open issue. Developers need to know more about characteristics and types of vulnerabilities in systems to adopt suitable countermeasures in current and next versions. With this paper, we investigate whether vulnerability descriptions alone can be used to identify the type of vulnerability, by comparing five shallow learning models and fourteen deep learning models. The model with the highest F1-score was the Stacking-DNN (98.8%). On performing comprehensive analysis, the experiments demonstrate that both shallow and deep classifiers show comparable performance when trained and tested using the dataset without duplicates, while shallow classifiers showed better performance when trained and tested using the dataset with duplicates.

Automatic Classification of Vulnerabilities using Deep Learning and Machine Learning Algorithms

Visaggio C. A.;Laudanna S.
2021-01-01

Abstract

As the field of computer science has advanced over the years, there has been a tremendous increase in the software being created, and this increase has been accompanied by an increase in the number of software vulnerabilities. A software vulnerability is a security flaw found in software that can potentially be exploited by attackers to perform cyber attacks. Since automatic approaches for identifying and analyzing vulnerabilities have become a trending topic in research, community, the classification of vulnerability is still an open issue. Developers need to know more about characteristics and types of vulnerabilities in systems to adopt suitable countermeasures in current and next versions. With this paper, we investigate whether vulnerability descriptions alone can be used to identify the type of vulnerability, by comparing five shallow learning models and fourteen deep learning models. The model with the highest F1-score was the Stacking-DNN (98.8%). On performing comprehensive analysis, the experiments demonstrate that both shallow and deep classifiers show comparable performance when trained and tested using the dataset without duplicates, while shallow classifiers showed better performance when trained and tested using the dataset with duplicates.
2021
978-1-6654-3900-8
classification
deep neural networks
machine learning
stacking
Vulnerability
File in questo prodotto:
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/20.500.12070/53456
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 4
  • ???jsp.display-item.citation.isi??? 0
social impact