XLNet-Based Prediction Model for CVSS Metric Values

A plethora of software vulnerabilities are exposed daily, posing a severe threat to the Internet. It is almost impossible for security experts or software developers to deal with all vulnerabilities. Therefore, it is imperative to rapidly assess the severity of the vulnerability to be able to select...

Full description

Saved in:
Bibliographic Details
Published in:Applied sciences 2022-09, Vol.12 (18), p.8983
Main Authors: Shi, Fan, Kai, Shaofeng, Zheng, Jinghua, Zhong, Yao
Format: Article
Language:English
Subjects:
Confidentiality
CVSS
cybersecurity
Exploitation
fine-tuning
Language
machine learning
Metric system
pre-trained model
Prediction models
Security
Semantics
Software development
vulnerability assessment
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:A plethora of software vulnerabilities are exposed daily, posing a severe threat to the Internet. It is almost impossible for security experts or software developers to deal with all vulnerabilities. Therefore, it is imperative to rapidly assess the severity of the vulnerability to be able to select which one should be given preferential attention. CVSS is now the industry’s de facto evaluation standard, which is calculated with a quantitative formula to measure the severity of a vulnerability. The CVSS formula consists of several metrics related to the vulnerability’s features. Security experts need to determine the values of each metric, which is tedious and time-consuming, therefore hindering the efficiency of severity assessment. To address this problem, in this paper, we propose a method based on a pre-trained model for the prediction of CVSS metric values. More specifically, this method utilizes the XLNet model that is fine-tuned with a self-built corpus to predict the metric values from the vulnerability description text, thus reducing the burden of the assessment procedure. To verify the performance of our method, we compare the XLNet model with other pre-trained models and conventional machine learning techniques. The experimental results show that the method outperforms these models on evaluation metrics, reaching state-of-the-art performance levels.
ISSN:2076-3417
2076-3417
DOI:10.3390/app12188983