基于BiGRU TextCNN框架的漏洞自动分类技术研究

摘要/Abstract

摘要： 通用缺陷枚举(CVE)信息可以用于记录已知漏洞并提供标准化的语义描述，利用CWE信息对漏洞进行分类，可以为漏洞挖掘提供更丰富的背景知识和更详细的预防措施.但由于人工分类的不确定性和漏洞本身信息参数的变化，在具体实践中漏洞分类的准确性亟待提高，此外大量且不断增加的新漏洞对人工分类的效率和准确性也提出了巨大挑战.为解决这一问题，提出了一个基于BiGRU TextCNN模型的漏洞分类方法，可用于对漏洞信息的处理、训练和预测，并根据漏洞自身所表征的描述信息自动进行分类.为验证所提方法的适用性和可行性，首先对不同分类模型进行对比分析，然后利用所提出的框架模型通过对漏洞所表征的描述信息进行预测分类，结果证明了所提方法的正确性.

关键词: 漏洞分类, 文本分类, 条件抽取, 深度学习, 安全告警

Abstract: Common Vulnerabilities and Exposures (CVE) serve as a repository for recording known vulnerabilities with standardized descriptions. Utilizing Common Weakness Enumeration (CWE) to classify vulnerabilities, it provides richer background knowledge and more detailed mitigation measures. However, due to the negligence on manual classification and the evolution of vulnerabilities. Additionally, the everincreasing number of vulnerabilities presents a substantial challenge to the efficiency and accuracy of manual classification. To address these issues, we propose a vulnerability classification framework based on BiGRU TextCNN model, which processes, trains, predicts to automatically classify vulnerabilities into weaknesses based on the description of vulnerability. To validate the performance and feasibility of the proposed framework, we conduct comparison experiments on different text classification models and demonstrate the correctness of the proposed method by predicting vulnerabilities’ classifications utilizing the propsosed framework.

Key words: vulnerability classification, text classification, conditional extraction, deep learning, security advisory

中图分类号:

TP393.8

张浩, 何东昊, . 基于BiGRU TextCNN框架的漏洞自动分类技术研究[J]. 信息安全研究, 2024, 10(5): 446-.

参考文献

［1］Ponta S, Plate H, Sabetta A. Detection, assessment and mitigation of vulnerabilities in open source dependencies［J］. Empirical Software Engineering, 2022, 7(25): 31753215［2］Morgan S. Cybercrime to cost the world $10.5 trillion annually by 2025［EBOL］.［20180922］. https:cybersecurityventures.comhackerpocalypsecybercrimereport2016［3］US Department of Homeland Security (DHS),Cybersecurity and Infrastructure Security Agency (CISA).CVE［EBOL］. ［20231026］. https:cve.mitre.org［4］Jin S, Wang Y, Cui X, et al. A review of classification methods for network vulnerability［C］ Proc of IEEE Int Conf on Systems. Piccataway, NJ: IEEE, 2009: 11711175［5］Wijayasekara D, Manic M, McQueen M. Vulnerability identification and classification via text mining bug databases［C］ Proc of the 40th Annual Conf of the IEEE Industrial Electronics Society. Piscataway, NJ: IEEE, 2014: 36123618［6］Davari M, Zulkernine M, Jaafar F. An automatic software vulnerability classification framework［C］ Proc of Int Conf on Software Security and Assurance (ICSSA). Piscataway, NJ: IEEE, 2017: 4449［7］Wang J A, Guo M. An ontology for vulnerability management［C］ Proc of the 5th Annual Workshop on Cyber Security and Information Intelligence Research Cyber Security and Information Intelligence Challenges and Strategies. New York: ACM, 2011: 23172322［8］US Department of Homeland Security (DHS), Cybersecurity and Infrastructure Security Agency (CISA). Common weakness enumeration［EBOL］. ［20231026］. https:cwe.mitre.org［9］Kowsari K, Jafari Meimandi K, Heidarysafa M, et al. Text classification algorithms: A survey［J］. arXiv preprint, arXiv:1904.08067, 2022［10］Chung J, Gulcehre C, Bengio Y. Empirical evaluation of gated recurrent neural networks on sequence modeling［J］. arXiv preprint, arXiv:1412.3555, 2014［11］Neuhaus S, Zimmermann T. Security trend analysis with CVE topic models［C］ Proc of the 21st IEEE Int Symp on Software Reliability Engineering. Piscataway, NJ: IEEE, 2010: 111120［12］Na S, Kim T, Kim H. A study on the classification of common vulnerabilities and exposures using Nave Bayes［G］ Advances on BroadBand Wireless Computing,Communication and Applications. Berlin: Springer, 2022: 657662［13］Aota M, Kanehara H, Kubo M, et al. Automation of vulnerability classification from its description using machine learning［C］ Proc of IEEE Symp on Computers and Communications (ISCC). Piscataway, NJ: IEEE, 2020: 17［14］Aivatoglou G, Anastasiadis M, Spanos G, et al. A treebased machine learning methodology to automatically classify software vulnerabilities［C］  Proc of IEEE Int Conf on Cyber Security and Resilience (CSR). Piscataway, NJ: IEEE, 2019: 312317［15］Aghaei E, Alshaer E. ThreatZoom: Neural network for automated vulnerability mitigation［G］ LNICST 335: Proc of the 6th Annual Symp on Hot Topics in the Science of Security. Berlin: Springer, 2020: 2341［16］Das S, Serra E, Halappanavar M, et al. A framework for effective hierarchical multiclass classification of software vulnerabilities［C］ Proc of the 8th IEEE Int Conf on Data Science and Advanced Analytics (DSAA). Piscataway, NJ: IEEE, 2021: 112［17］Sun X, Li L, Bo L, et al. Automatic software vulnerability classification by extracting vulnerability triggers［J］. Journal of Software: Evolution and Process, 2022: 5(18): 5773［18］Wang Q, Gao Y, Ren J. An automatic classification algorithm for software vulnerability based on weighted word vector and fusion neural network［J］. Computers & Security, 2023:8(26):102107

[1]	王永, 柳毅, . 一种多模型的调度优化对抗攻击算法[J]. 信息安全研究, 2024, 10(5): 403-.
[2]	王子昂, 汤艳君, 王子晨, 王子祎, . 基于去噪扩散概率模型的网络流量入侵检测方法研究[J]. 信息安全研究, 2024, 10(5): 421-.
[3]	罗乐琦, 张艳硕, 王志强, 文津, 薛培阳, . 基于BERT模型的源代码漏洞检测技术研究[J]. 信息安全研究, 2024, 10(4): 294-.
[4]	杨晓文, 张健, 况立群, 庞敏, . 融合CNN-BiGRU和注意力机制的网络入侵检测模型[J]. 信息安全研究, 2024, 10(3): 202-.
[5]	赵荻, 尹志超, 崔苏苏, 曹中华, 卢志刚, . 基于图表示的恶意TLS流量检测方法[J]. 信息安全研究, 2024, 10(3): 209-.
[6]	张淑慧, 胡长栋, 王连海, 徐淑奖, 邵蔚, 兰田, . 基于GHM可视化和深度学习的恶意代码检测与分类[J]. 信息安全研究, 2024, 10(3): 216-.
[7]	单晨棱, 张新有, 邢焕来, 冯力, . 一种基于内容和ERNIE3.0-CapsNet的中文垃圾邮件识别方法[J]. 信息安全研究, 2024, 10(3): 233-.
[8]	江荣旺, 魏爽, 龙草芳, 杨明, . 基于增量学习的车联网恶意位置攻击检测研究[J]. 信息安全研究, 2024, 10(3): 277-.
[9]	王耀辉, 王可, 宫良一, 付豫豪, 王跃达, 李婧, . 基于异构图的恶意域名检测方法研究[J]. 信息安全研究, 2023, 9(E1): 38-.
[10]	郑丽娜, 杜彦辉, . 基于深度学习的HTTP慢速DoS攻击检测研究[J]. 信息安全研究, 2023, 9(E1): 72-.
[11]	叶水欢, 葛寅辉, 陈波, 于泠, . 基于ELMoTextCNN的网络欺凌检测模型[J]. 信息安全研究, 2023, 9(9): 868-.
[12]	王志强, 王姿旖, 王庆德, 徐华福, . 基于LightGBM的区块链异常交易检测技术研究[J]. 信息安全研究, 2023, 9(9): 877-.
[13]	李敬. 基于卷积神经网络的加密代理流量识别方法[J]. 信息安全研究, 2023, 9(8): 722-.
[14]	张鹏飞. 基于机器学习的入侵检测模型对比研究[J]. 信息安全研究, 2023, 9(8): 739-.
[15]	杜林, 许传淇. 基于BERT的漏洞文本特征分类技术研究[J]. 信息安全研究, 2023, 9(7): 687-.