Guoyan Huang
Automatic classification method for software vulnerability based on deep neural network
Huang, Guoyan; Li, Yazhou; Wang, Qian; Ren, Jiadong; Cheng, Yongqiang; Zhao, Xiaolin
Abstract
Software vulnerabilities are the root causes of various security risks. Once a vulnerability is exploited by malicious attacks, it will greatly compromise the safety of the system, and may even cause catastrophic losses. Hence automatic classification methods are desirable to effectively manage vulnerabilities in software, improve the security performance of the system, and reduce the risk of the system being attacked and damaged. In this paper, a new automatic vulnerability classification model (TFI-DNN) is proposed. The model is built upon term frequency-inverse document frequency (TF-IDF), information gain (IG), and a deep neural network (DNN): TF-IDF is used to calculate the frequency and weight of each word in the vulnerability description; IG is used for feature selection to obtain an optimal set of feature words; and the DNN model is used to construct an automatic vulnerability classifier to achieve effective vulnerability classification. The National Vulnerability Database of the United States has been used to validate the effectiveness of the proposed model. Compared to SVM, Naive Bayes, and KNN, the TFI-DNN model has achieved better performance in multi-dimensional evaluation indexes including accuracy, recall rate, precision, and F1-score.
Citation
Huang, G., Li, Y., Wang, Q., Ren, J., Cheng, Y., & Zhao, X. (2019). Automatic classification method for software vulnerability based on deep neural network. IEEE Access, 7, 28291-28298. https://doi.org/10.1109/ACCESS.2019.2900462
Field | Value |
---|---|
Journal Article Type | Article |
Acceptance Date | Feb 7, 2019 |
Online Publication Date | Feb 28, 2019 |
Publication Date | Feb 28, 2019 |
Deposit Date | Mar 2, 2019 |
Publicly Available Date | Mar 4, 2019 |
Journal | IEEE Access |
Electronic ISSN | 2169-3536 |
Publisher | Institute of Electrical and Electronics Engineers |
Peer Reviewed | Peer Reviewed |
Volume | 7 |
Pages | 28291-28298 |
DOI | https://doi.org/10.1109/ACCESS.2019.2900462 |
Keywords | Deep neural network; Information gain; Software security; Vulnerability classification |
Public URL | https://hull-repository.worktribe.com/output/1349667 |
Publisher URL | https://ieeexplore.ieee.org/document/8654631 |
Contract Date | Mar 4, 2019 |
Copyright Statement
(c) 2018 IEEE. Translations and content mining are permitted for academic research only. Personal use is also permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.