TL;DR
This paper presents a novel NLP-based approach combining character and word features to effectively address concept drift in automated software vulnerability assessment over time, without requiring retraining.
Contribution
It introduces a systematic method with a custom time-based validation to handle concept drift in SV descriptions, outperforming existing word-only methods.
Findings
Effectively handles concept drift in SV descriptions from 2000 to 2018.
Performs competitively with existing word-only approaches.
Provides guidelines for building compact, drift-aware models.
Abstract
Software Engineering researchers are increasingly using Natural Language Processing (NLP) techniques to automate Software Vulnerability (SV) assessment using the descriptions in public repositories. However, the existing NLP-based approaches suffer from concept drift. This problem is caused by a lack of proper treatment of new (out-of-vocabulary) terms when evaluating unseen SVs over time. To perform automated SV assessment under concept drift using SV descriptions, we propose a systematic approach that combines both character and word features. The proposed approach is used to predict seven Vulnerability Characteristics (VCs). The optimal model for each VC is selected using our customized time-based cross-validation method from a list of eight NLP representations and six well-known Machine Learning models. We have used the proposed approach to conduct large-scale experiments…