Skip to main content

Research Repository

Advanced Search

Automatic classification method for software vulnerability based on deep neural network

Huang, Guoyan; Li, Yazhou; Wang, Qian; Ren, Jiadong; Cheng, Yongqiang; Zhao, Xiaolin


Guoyan Huang

Yazhou Li

Qian Wang

Jiadong Ren

Yongqiang Cheng

Xiaolin Zhao


Software vulnerabilities are the root causes of various security risks. Once a vulnerability is exploited by malicious attacks, it will greatly compromise the safety of the system, and may even cause catastrophic losses. Hence automatic classification methods are desirable to effectively manage the vulnerability in software, improve the security performance of the system, and reduce the risk of the system being attacked and damaged. In this paper, a new automatic vulnerability classification model (TFI-DNN) has been proposed. The model is built upon term frequency-inverse document frequency (TF-IDF), information gain (IG), and deep neural network (DNN): The TF-IDF is used to calculate the frequency and weight of each word from vulnerability description; the IG is used for feature selection to obtain an optimal set of feature word, and; the DNN neural network model is used to construct an automatic vulnerability classifier to achieve effective vulnerability classification. The National Vulnerability Database of the United States has been used to validate the effectiveness of the proposed model. Compared to SVM, Naive Bayes, and KNN, the TFI-DNN model has achieved better performance in multi-dimensional evaluation indexes including accuracy, recall rate, precision, and F1-score.


Huang, G., Li, Y., Wang, Q., Ren, J., Cheng, Y., & Zhao, X. (2019). Automatic classification method for software vulnerability based on deep neural network. IEEE Access, 7, 28291-28298.

Journal Article Type Article
Acceptance Date Feb 7, 2019
Online Publication Date Feb 28, 2019
Publication Date Feb 28, 2019
Deposit Date Mar 2, 2019
Publicly Available Date Mar 4, 2019
Journal IEEE Access
Electronic ISSN 2169-3536
Publisher Institute of Electrical and Electronics Engineers
Peer Reviewed Peer Reviewed
Volume 7
Pages 28291-28298
Keywords Deep neural network; Information gain; Software security; Vulnerability classification
Public URL
Publisher URL


Article (470 Kb)

Copyright Statement
(c) 2018 IEEE. Translations and content mining are permitted for academic research only. Personal use is also permitted, but republication/redistribution requires IEEE permission. See<br /> for more information.

You might also like

Downloadable Citations