Context-Aware Software Vulnerabilities Classification using Machine Learning

Details

DOI: 10.1109/ACCESS.2021.3075385
Publication type: Article
Journal: IEEE Access
Publisher: Institute of Electrical and Electronics Engineers
Publication date: 2021-04-23

Abstract

Managing the vulnerabilities reported by a number of security scanning software is a tedious and time-consuming task, especially in large-scale, modern communication networks. Particular software vulnerabilities can have a range of impacts on an IT system depending on the context in which they were detected. Moreover, scanning software can report thousands of issues, which makes performing operations, such as analysis and prioritization, very costly from an organizational point of view. In this paper, we propose a context-aware software vulnerability classification system, Mixeway, that relies on machine learning to automatize the whole process. By training a model using known and analyzed vulnerabilities together with Natural Language Processing techniques to properly manage the information that the vulnerability description contains, we show that it is possible to predict the class that defines how severe the detected vulnerability is. The experimental results obtained on a real-life dataset collected by Mixeway for about 12 months from the infrastructure of one of the major mobile network operators in Poland prove that the proposed solution is useful and effective.

Authors

  • Grzegorz Siewruk
    Warsaw University of Technology | Orange Poland
    Warsaw, Poland
  • Wojciech Mazurczyk
    FernUniversität in Hagen | Warsaw University of Technology
    Hagen, Germany | Warsaw, Poland