TY - GEN
T1 - Multi-label Positive and Unlabeled Learning and its Application to Common Vulnerabilities and Exposure Categorization
AU - Aota, Masaki
AU - Ban, Tao
AU - Takahashi, Takeshi
AU - Murata, Noboru
N1 - Publisher Copyright:
© 2021 IEEE.
PY - 2021
Y1 - 2021
N2 - The widely adopted Common Weakness Enumeration (CWE), which stores and manages software and hardware vulnerability reports known as Common Vulnerabilities and Exposures (CVE) in a hierarchical structure, provides a common baseline standard for weakness identification, mitigation, and prevention efforts. In this paper, we propose a machine-learning based method to assign pertinent CWE identifiers to new CVE entries. The proposed method formulates the task as a multi-label classification problem and exploits positive and unlabeled learning to address the lack of multi-labelled samples in learning. In evaluations, the proposed method demonstrated preferable performance compared to traditional multi-label classifiers. In particular, case studies demonstrated that multiple CWE identifiers assigned to CVE entries carry essential information that can benefit security practices.
AB - The widely adopted Common Weakness Enumeration (CWE), which stores and manages software and hardware vulnerability reports known as Common Vulnerabilities and Exposures (CVE) in a hierarchical structure, provides a common baseline standard for weakness identification, mitigation, and prevention efforts. In this paper, we propose a machine-learning based method to assign pertinent CWE identifiers to new CVE entries. The proposed method formulates the task as a multi-label classification problem and exploits positive and unlabeled learning to address the lack of multi-labelled samples in learning. In evaluations, the proposed method demonstrated preferable performance compared to traditional multi-label classifiers. In particular, case studies demonstrated that multiple CWE identifiers assigned to CVE entries carry essential information that can benefit security practices.
KW - CVE
KW - CWE
KW - machine learning
KW - multi-label classification
KW - positive and unlabeled learning
UR - http://www.scopus.com/inward/record.url?scp=85127443011&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85127443011&partnerID=8YFLogxK
U2 - 10.1109/TrustCom53373.2021.00137
DO - 10.1109/TrustCom53373.2021.00137
M3 - Conference contribution
AN - SCOPUS:85127443011
T3 - Proceedings - 2021 IEEE 20th International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2021
SP - 988
EP - 996
BT - Proceedings - 2021 IEEE 20th International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2021
A2 - Zhao, Liang
A2 - Kumar, Neeraj
A2 - Hsu, Robert C.
A2 - Zou, Deqing
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 20th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2021
Y2 - 20 October 2021 through 22 October 2021
ER -