用XLNet发现软件漏洞[Appl. Sci.专栏第二篇发表论文]

已有 1310 次阅读 2022-9-8 17:03 |系统分类:论文交流

我在Applied Sciences(综合性、交叉性期刊,CiteScore=3.70IF=2.84)组织了一个Special Issue,大题目是“大数据分析进展”,比较宽泛。该专栏的推出主要是为了回应因为可获取数据和数据分析的平台、工具的快速增长给自然科学和社会科学带来的重大影响。我们特别欢迎(但不限于)下面四类稿件:(1)数据分析中的基础理论分析,例如一个系统的可预测性(比如时间序列的可预测性)、分类问题的最小误差分析、各种数据挖掘结果的稳定性和可信度分析;(2)数据分析的新方法,例如挖掘因果关系的新方法(这和Topic 1也是相关的)、多模态分析的新方法、隐私计算的新方法等等;(3)推出新的、高价值的数据集、数据分析平台、数据分析工具等等;(4)把大数据分析的方法用到自然科学和社会科学的各个分支(并获得洞见),我们特别喜欢用到那些原来定量化程度不高的学科。




XLNet-Based Prediction Model for CVSS Metric Values


A plethora of software vulnerabilities are exposed daily, posing a severe threat to the Internet. It is almost impossible for security experts or software developers to deal with all vulnerabilities. Therefore, it is imperative to rapidly assess the severity of the vulnerability to be able to select which one should be given preferential attention. CVSS is now the industry’s de facto evaluation standard, which is calculated with a quantitative formula to measure the severity of a vulnerability. The CVSS formula consists of several metrics related to the vulnerability’s features. Security experts need to determine the values of each metric, which is tedious and time-consuming, therefore hindering the efficiency of severity assessment. To address this problem, in this paper, we propose a method based on a pre-trained model for the prediction of CVSS metric values. More specifically, this method utilizes the XLNet model that is fine-tuned with a self-built corpus to predict the metric values from the vulnerability description text, thus reducing the burden of the assessment procedure. To verify the performance of our method, we compare the XLNet model with other pre-trained models and conventional machine learning techniques. The experimental results show that the method outperforms these models on evaluation metrics, reaching state-of-the-art performance levels


下一篇:深度学习预测地震——信不信由你[Appl. Sci.专栏第三篇发表论文]

1 杨正瓴

该博文允许注册用户评论 请点击登录 评论 (0 个评论)


Archiver|手机版|科学网 ( 京ICP备07017567号-12 )

GMT+8, 2023-2-1 22:09

Powered by

Copyright © 2007- 中国科学报社