DOI: 10.1145/3366424.3382707
research-article

Predicting Missing Information of Vulnerability Reports

Published: 20 April 2020

Abstract

By studying currently disclosed software vulnerabilities, we have found that vulnerability reports are missing a certain degree of information. This problem is caused by incomplete information provided by the vulnerability report submitter. In this paper, we extract knowledge about software vulnerabilities in a fine-grained way and design a machine learning method that completes the missing information from the other information in the vulnerability report itself. Our method can predict and complete the missing type and cause information of vulnerability reports.

          Published In

          WWW '20: Companion Proceedings of the Web Conference 2020
          April 2020
          854 pages
          ISBN:9781450370240
          DOI:10.1145/3366424
          Publisher

          Association for Computing Machinery

          New York, NY, United States

          Author Tags

          1. Common Vulnerabilities and Exposures database
          2. software security
          3. vulnerability information reasoning

          Qualifiers

          • Research-article
          • Research
          • Refereed limited

          Conference

          WWW '20
          Sponsor:
          WWW '20: The Web Conference 2020
          April 20 - 24, 2020
          Taipei, Taiwan

          Acceptance Rates

          Overall Acceptance Rate 1,899 of 8,196 submissions, 23%

          Cited By

          • (2024) Multitask-Based Evaluation of Open-Source LLM on Software Vulnerability. IEEE Transactions on Software Engineering 50:11 (3071-3087). DOI: 10.1109/TSE.2024.3470333. Online publication date: Nov-2024
          • (2024) A Survey of Cybersecurity Knowledge Base and Its Automatic Labeling. Network Simulation and Evaluation (53-70). DOI: 10.1007/978-981-97-4522-7_4. Online publication date: 2-Aug-2024
          • (2023) Automated event extraction of CVE descriptions. Information and Software Technology 158 (107178). DOI: 10.1016/j.infsof.2023.107178. Online publication date: Jun-2023
          • (2022) A Survey on Data-driven Software Vulnerability Assessment and Prioritization. ACM Computing Surveys. DOI: 10.1145/3529757. Online publication date: 19-Apr-2022
          • (2021) OVANA: An Approach to Analyze and Improve the Information Quality of Vulnerability Databases. Proceedings of the 16th International Conference on Availability, Reliability and Security (1-11). DOI: 10.1145/3465481.3465744. Online publication date: 17-Aug-2021
          • (2021) Predicting Entity Relations across Different Security Databases by Using Graph Attention Network. 2021 IEEE 45th Annual Computers, Software, and Applications Conference (COMPSAC) (834-843). DOI: 10.1109/COMPSAC51774.2021.00116. Online publication date: Jul-2021
