Abstract

The widely adopted Common Weakness Enumeration (CWE), which stores and manages software and hardware vulnerability reports known as Common Vulnerabilities and Exposures (CVE) in a hierarchical structure, provides a common baseline standard for weakness identification, mitigation, and prevention efforts. In this paper, we propose a machine-learning-based method to assign pertinent CWE identifiers to new CVE entries. The proposed method formulates the task as a multi-label classification problem and exploits positive and unlabeled learning to address the lack of multi-labelled samples in learning. In evaluations, the proposed method demonstrated better performance than traditional multi-label classifiers. In particular, case studies demonstrated that multiple CWE identifiers assigned to CVE entries carry essential information that can benefit security practices.
