
Vulnerability severity assessment method and system based on vulnerability event argument

A vulnerability severity assessment method and system based on vulnerability event arguments, which addresses problems such as unbalanced data sets, incomplete learned features, and large differences in the number of samples across categories of the same index.

Pending Publication Date: 2022-07-29
YANGZHOU UNIV

AI Technical Summary

Problems solved by technology

However, this type of task requires a large amount of training data, and vulnerability description text contains a large amount of information about the vulnerability version and location. The data sets are also imbalanced: for example, the number of samples in different categories of the same indicator differs greatly. As a result, the model learns incomplete features and the accuracy of vulnerability severity assessment is low.



Examples


Embodiment 1

[0041] As shown in Figure 1, the vulnerability severity assessment method based on vulnerability event arguments provided by the present invention includes the following steps:

[0042] 1) There are multiple different vulnerability databases. According to the CVE-ID, vulnerability reports are crawled from two of them, namely the NVD vulnerability database and the IBM X-Force vulnerability database, to obtain the description text, vulnerability severity level, and vulnerability severity index. The cause of the vulnerability, attacker, triggering operation, triggering result, and triggering scenario are used as event arguments to construct an event argument label set;

[0043] The BIO tagging method is used to manually label the cause of the vulnerability, attacker, trigger operation, trigger result, and trigger scenario. B (Begin) indicates that the word is the first word of a phrase, I (Inside) indicates that the word is th...
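The BIO labeling step described above, as an added example that is not part of the patent text: it decodes a BIO-tagged vulnerability description into the five event arguments and repairs an `I-` tag that has no opening `B-` tag. The tag names (CAUSE, ATTACKER, OPERATION, RESULT, SCENARIO), the `O` tag for words outside any argument, and the sample sentence are assumptions constructed for illustration.

```python
# Added illustration: decode BIO tags over a vulnerability description into
# event-argument spans. Label names are assumptions, not the patent's own.
ARG_TYPES = {"CAUSE", "ATTACKER", "OPERATION", "RESULT", "SCENARIO"}


def decode_bio(tokens, tags):
    """Return a list of (arg_type, text) spans from parallel token/tag lists."""
    if len(tokens) != len(tags):
        raise ValueError("tokens and tags must be the same length")
    spans, cur_type, cur_toks = [], None, []

    def flush():
        nonlocal cur_type, cur_toks
        if cur_type is not None:
            spans.append((cur_type, " ".join(cur_toks)))
        cur_type, cur_toks = None, []

    for tok, tag in zip(tokens, tags):
        if tag == "O":
            flush()
            continue
        prefix, _, arg = tag.partition("-")
        if prefix not in ("B", "I") or arg not in ARG_TYPES:
            raise ValueError(f"unknown tag: {tag!r}")
        if prefix == "B" or arg != cur_type:
            # B- starts a span; an I- with no matching open span (a common
            # labeling/model error) is repaired by treating it as a start.
            flush()
            cur_type = arg
        cur_toks.append(tok)
    flush()
    return spans


# Constructed sample description, hand-tagged for this example.
SAMPLE = [
    ("Buffer", "B-CAUSE"), ("overflow", "I-CAUSE"), ("in", "O"),
    ("the", "O"), ("parser", "O"), ("allows", "O"),
    ("remote", "B-ATTACKER"), ("attackers", "I-ATTACKER"), ("to", "O"),
    ("execute", "B-RESULT"), ("arbitrary", "I-RESULT"), ("code", "I-RESULT"),
    ("via", "O"), ("a", "B-OPERATION"), ("crafted", "I-OPERATION"),
    ("file", "I-OPERATION"), ("when", "O"), ("previews", "I-SCENARIO"),
    ("are", "I-SCENARIO"), ("enabled", "I-SCENARIO"), (".", "O"),
]

if __name__ == "__main__":
    for arg_type, text in decode_bio(*zip(*SAMPLE)):
        print(f"{arg_type:10s} {text}")
```

The SCENARIO span in the sample deliberately starts with `I-` to show the repair path; a stricter pipeline could reject such sequences and send them back for relabeling.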

Embodiment 2

[0066] Corresponding to the vulnerability severity assessment method based on vulnerability event arguments in Embodiment 1, Embodiment 2 provides a vulnerability severity assessment system based on vulnerability event arguments. As shown in Figure 1, it includes an argument label set module, a pre-trained word embedding module, a vulnerability event argument extraction module, and a classification calculation module;

[0067] The argument label set module is used to crawl vulnerability reports, according to the CVE-ID, from two of the multiple different vulnerability databases, namely the NVD vulnerability database and the IBM X-Force vulnerability database, and to obtain the description text, vulnerability severity level, and vulnerability severity index in the vulnerability report. The cause of the vulnerability, attacker, triggering operation, triggering result, and triggering scenario are used as event arguments...


Abstract

The invention discloses a vulnerability severity assessment method based on vulnerability event arguments. It extracts event arguments from the vulnerability description text to assist in vulnerability severity assessment, and fully considers the effects of the cause of the vulnerability, attacker, trigger operation, trigger result, and trigger scenario on pre-trained model learning. A correspondence between different vulnerability event arguments and different vulnerability severity indexes is constructed, and for each severity evaluation index, classification learning is carried out using the corresponding vulnerability event arguments. Finally, the vulnerability event arguments, vulnerability severity score, and vulnerability severity level are output, which clarifies the vulnerability severity and improves the accuracy of vulnerability severity evaluation. The invention also provides a vulnerability severity evaluation system based on vulnerability event arguments. This helps developers prioritize the more urgent vulnerabilities for repair.

Description

Technical field

[0001] The invention relates to the field of software security, in particular to a vulnerability severity assessment method and system based on vulnerability event arguments.

Background technique

[0002] Software vulnerabilities have a negative impact on the confidentiality, integrity, and availability of software systems. In terms of their consequences, the impact of software vulnerabilities mainly includes attackers executing arbitrary code on the host, system denial of service, and obtaining sensitive user information. As the number of vulnerabilities continues to increase, it becomes increasingly important to identify, among a large number of software vulnerabilities, the critical ones that need to be prioritized for remediation, so software vulnerability severity assessment is necessary. Most previous vulnerability severity assessment work directly obtained the severity level by classifying the vulnerability description text...


Application Information

Patent Type & Authority: Applications (China)
IPC (8): G06F21/57, G06F16/35, G06F40/216, G06N3/04, G06N3/08
CPC: G06F21/577, G06F16/353, G06F40/216, G06N3/08, G06F2221/033, G06N3/047, G06N3/045
Inventor: 孙小兵, 叶振雷, 薄莉莉, 魏颖, 李斌
Owner: YANGZHOU UNIV