信息安全研究2024,Vol.10Issue(5):446-452,7.DOI:10.12379/j.issn.2096-1057.2024.05.08
基于BiGRU TextCNN框架的漏洞自动分类技术研究
An Automatic Vulnerability Classification Framework Based on BiGRU TextCNN
摘要
Abstract
Common Vulnerabilities and Exposures(CVE)serve as a repository for recording known vulnerabilities with standardized descriptions.Utilizing Common Weakness Enumeration(CWE)to classify vulnerabilities,it provides richer background knowledge and more detailed mitigation measures.However,due to the negligence on manual classification and the evolution of vulnerabilities.Additionally,the ever-increasing number of vulnerabilities presents a substantial challenge to the efficiency and accuracy of manual classification.To address these issues,we propose a vulnerability classification framework based on BiGRU TextCNN model,which processes,trains,predicts to automatically classify vulnerabilities into weaknesses based on the description of vulnerability.To validate the performance and feasibility of the proposed framework,we conduct comparison experiments on different text classification models and demonstrate the correctness of the proposed method by predicting vulnerabilities'classifications utilizing the propsosed framework.关键词
漏洞分类/文本分类/条件抽取/深度学习/安全告警Key words
vulnerability classification/text classification/conditional extraction/deep learning/security advisory分类
信息技术与安全科学引用本文复制引用
张浩,何东昊..基于BiGRU TextCNN框架的漏洞自动分类技术研究[J].信息安全研究,2024,10(5):446-452,7.基金项目
国网公司科技项目(521702240011) (521702240011)
