Semi-Automatic Annotation of Natural Language Vulnerability Reports

Yan Wu, Robin Gandhi, Harvey Siy
Copyright: © 2013 | Volume: 4 | Issue: 3 | Pages: 24
ISSN: 1947-3036 | EISSN: 1947-3044 | EISBN13: 9781466633919 | DOI: 10.4018/jsse.2013070102

MLA

Wu, Yan, et al. "Semi-Automatic Annotation of Natural Language Vulnerability Reports." IJSSE vol.4, no.3 2013: pp.18-41. http://doi.org/10.4018/jsse.2013070102

APA

Wu, Y., Gandhi, R., & Siy, H. (2013). Semi-Automatic Annotation of Natural Language Vulnerability Reports. International Journal of Secure Software Engineering (IJSSE), 4(3), 18-41. http://doi.org/10.4018/jsse.2013070102

Chicago

Wu, Yan, Robin Gandhi, and Harvey Siy. "Semi-Automatic Annotation of Natural Language Vulnerability Reports," International Journal of Secure Software Engineering (IJSSE) 4, no.3: 18-41. http://doi.org/10.4018/jsse.2013070102


Abstract

Those who do not learn from past vulnerabilities are bound to repeat them. Consequently, there have been several research efforts to enumerate and categorize the software weaknesses that lead to vulnerabilities. The Common Weakness Enumeration (CWE) is a community-developed dictionary of software weakness types and their relationships, designed to consolidate these efforts. Yet aggregating and classifying natural language vulnerability reports with respect to weakness standards is currently a painstaking manual effort. In this paper, the authors present a semi-automated process for annotating vulnerability information with semantic concepts that are traceable to CWE identifiers. The authors present an information-processing pipeline to parse natural language vulnerability reports. The resulting terms are used to learn the syntactic cues in these reports that indicate corresponding standard weakness definitions. Finally, the results of multiple machine learning algorithms are compared individually as well as collectively to semi-automatically annotate new vulnerability reports.
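The pipeline the abstract outlines, reduced to a toy that runs offline: reports are parsed into terms, two learners pick up term cues for CWE labels, and their verdicts are compared so that a new report is auto-annotated only when they agree and deferred to a human otherwise. This is an added illustration, not the authors' code; the training snippets are constructed and the CWE ids are real identifiers used only as sample labels.

```python
import math
import re
from collections import Counter, defaultdict

# Constructed training reports (text is made up; labels are real CWE ids).
TRAINING = [
    ("Unsanitized user input is reflected in the page allowing script injection", "CWE-79"),
    ("Crafted parameter injects script into the response page", "CWE-79"),
    ("Unescaped user input reaches a SQL query allowing database manipulation", "CWE-89"),
    ("Crafted parameter alters the SQL query", "CWE-89"),
    ("A long input overflows a fixed buffer on the stack", "CWE-120"),
    ("Copying an oversized string into a buffer overflows it", "CWE-120"),
]
STOPWORDS = {"a", "an", "the", "is", "into", "on", "in", "it", "allowing", "reaches"}

def terms(report):
    """Parsing step: lowercase content terms of a natural language report."""
    return [w for w in re.findall(r"[a-z]+", report.lower()) if w not in STOPWORDS]

def train_naive_bayes(data):
    """Learner 1: per-label term counts for a multinomial naive Bayes model."""
    counts, totals, vocab = defaultdict(Counter), Counter(), set()
    for text, label in data:
        for t in terms(text):
            counts[label][t] += 1
            totals[label] += 1
            vocab.add(t)
    return counts, totals, vocab

def nb_predict(model, report):
    counts, totals, vocab = model
    def score(label):  # log-likelihood with add-one smoothing
        return sum(math.log((counts[label][t] + 1) / (totals[label] + len(vocab)))
                   for t in terms(report))
    return max(counts, key=score)

def cue_predict(data, report):
    """Learner 2: the label whose training term set overlaps the report most (tie -> None)."""
    cues = defaultdict(set)
    for text, label in data:
        cues[label].update(terms(text))
    overlap = {label: len(cues[label] & set(terms(report))) for label in cues}
    best = max(overlap.values())
    winners = [label for label, n in overlap.items() if n == best]
    return winners[0] if len(winners) == 1 else None

def annotate(data, report):
    """Semi-automatic step: annotate when the learners agree, otherwise defer to review."""
    nb, cue = nb_predict(train_naive_bayes(data), report), cue_predict(data, report)
    if nb == cue:
        return {"cwe": nb, "auto": True}
    return {"cwe": None, "auto": False, "candidates": sorted({nb, cue} - {None})}
```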
