ABSTRACT
This work proposes a multi-task Natural Language Processing (NLP) system to normalize and summarize vulnerability descriptions into a uniform structure. A dataset was curated from an official public database and broken into several constituent entities, each representing a particular aspect of the description. A model is trained on the annotated features independently and jointly to generate a simple and uniform summary. We also introduce our human metrics to judge the quality of the generated summary with respect to human comprehension and content accuracy.
Index Terms
- Poster: Mujaz: A Summarization-based Approach for Normalized Vulnerability Description