Abstract

The dramatically increasing number of vulnerabilities makes manual vulnerability analysis increasingly difficult. Automatic extraction of vulnerability information can help improve vulnerability analysis. However, existing vulnerability information extraction methods do not extract from the perspective of events, and existing event extraction methods do not consider the unique sentence structure of vulnerability descriptions, which makes it difficult to extract vulnerability information effectively. To extract vulnerability information, we treat each vulnerability as an event and propose an approach, VE-Extractor, that automatically performs vulnerability event extraction from the textual descriptions in vulnerability reports for vulnerability analysis, including extraction of the vulnerability event trigger (cause) and event arguments (e.g., consequence, operation). First, we propose a new labeling method, BIOFR (Begin, Inside, Outside, Front, Rear), to construct an event-perspective vulnerability data benchmark. Then, we design a question template based on the event trigger to automatically extract vulnerability event arguments through the BERT Q&A model. Experiments show the effectiveness of VE-Extractor for automatically extracting events from vulnerability descriptions, with significant performance improvement over state-of-the-art techniques, e.g., the F1-score is increased by 45.12% and 21.02% in vulnerability consequence and operation extraction, respectively. The proposed VE-Extractor achieves higher precision and accuracy than the state-of-the-art methods. Experimental results show that our approach is effective in extracting vulnerability event information and can be used to assist vulnerability analysis, such as vulnerability classification.
