Character-Level Convolutional Neural Network for Predicting Severity of Software Vulnerability from Vulnerability Description

Shunta NAKAGAWA; Tatsuya NAGAI; Hideaki KANEHARA; Keisuke FURUMOTO; Makoto TAKITA; Yoshiaki SHIRAISHI; Takeshi TAKAHASHI; Masami MOHRI; Yasuhiro TAKANO; Masakatu MORII

doi:10.1587/transinf.2018OFL0006

Special Section on Log Data Usage Technology and Office Information Systems

Character-Level Convolutional Neural Network for Predicting Severity of Software Vulnerability from Vulnerability Description

Shunta NAKAGAWA, Tatsuya NAGAI, Hideaki KANEHARA, Keisuke FURUMOTO, Makoto TAKITA, Yoshiaki SHIRAISHI, Takeshi TAKAHASHI, Masami MOHRI, Yasuhiro TAKANO, Masakatu MORII

Author information

Shunta NAKAGAWA
Department of Electrical and Electronic Engineering, Kobe University
Tatsuya NAGAI
Department of Electrical and Electronic Engineering, Kobe University
Hideaki KANEHARA
National Institute of Information and Communications Technology
Keisuke FURUMOTO
National Institute of Information and Communications Technology
Makoto TAKITA
Department of Electrical and Electronic Engineering, Kobe University
Yoshiaki SHIRAISHI
Department of Electrical and Electronic Engineering, Kobe University
Center for Mathematical and Data Sciences, Kobe University
Takeshi TAKAHASHI
National Institute of Information and Communications Technology
Masami MOHRI
Department of Electrical, Electronic and Computer Engineering, Gifu University
Yasuhiro TAKANO
Department of Electrical and Electronic Engineering, Kobe University
Masakatu MORII
Department of Electrical and Electronic Engineering, Kobe University

Keywords: CVE, CVSS, Convolutional Neural Network

JOURNAL FREE ACCESS

2019 Volume E102.D Issue 9 Pages 1679-1682

DOI https://doi.org/10.1587/transinf.2018OFL0006

Details

Abstract

System administrators and security officials of an organization need to deal with vulnerable IT assets, especially those with severe vulnerabilities, to minimize the risk of these vulnerabilities being exploited. The Common Vulnerability Scoring System (CVSS) can be used as a means to calculate the severity score of vulnerabilities, but it currently requires human operators to choose input values. A word-level Convolutional Neural Network (CNN) has been proposed to estimate the input parameters of CVSS and derive the severity score of vulnerability notes, but its accuracy needs to be improved further. In this paper, we propose a character-level CNN for estimating the severity scores. Experiments show that the proposed scheme outperforms conventional one in terms of accuracy and how errors occur.

Corresponding author

Register with J-STAGE for free!