An automatic vulnerability classification framework based on BiGRU-TextCNN

Abstract

Common Vulnerabilities and Exposures (CVE) records known vulnerabilities and provides standardized descriptions. By utilizing Common Weakness Enumeration (CWE) to classify vulnerabilities, it can provide richer background knowledge and more detailed mitigation measures for the vulnerability. However, due to the negligence on manual classification and the evolution of vulnerabilities, the accuracy of vulnerabilities classification needs urgent improvement. Additionally, the large and ever-increasing number of vulnerabilities poses a huge challenge to the efficiency and accuracy of vulnerabilities manual classification. To address that, we propose a vulnerability classification framework based on BiGRU-TextCNN, which processes, trains, predicts to automatically classify vulnerabilities into weaknesses based on the description of vulnerability. To verify the performance and feasibility of the proposed framework, we first conducting comparison experiments on different text classification models, and then predicting the corresponding weakness with the description of vulnerability utilizing the proposed framework.