Vulnerability Clustering and other Machine Learning Applications of Semantic Vulnerability Embeddings

TL;DR

This paper explores semantic vulnerability embeddings derived from NLP techniques to improve clustering, classification, visualization, and theory evaluation in cybersecurity vulnerability analysis.

Contribution

It introduces novel NLP-based vulnerability embeddings and demonstrates their application in machine learning tasks for cybersecurity risk assessment.

Findings

Effective clustering of vulnerabilities based on semantic embeddings

Improved classification accuracy for vulnerability types

Enhanced visualization of vulnerability space

Abstract

Cyber-security vulnerabilities are usually published in form of short natural language descriptions (e.g., in form of MITRE's CVE list) that over time are further manually enriched with labels such as those defined by the Common Vulnerability Scoring System (CVSS). In the Vulnerability AI (Analytics and Intelligence) project, we investigated different types of semantic vulnerability embeddings based on natural language processing (NLP) techniques to obtain a concise representation of the vulnerability space. We also evaluated their use as a foundation for machine learning applications that can support cyber-security researchers and analysts in risk assessment and other related activities. The particular applications we explored and briefly summarize in this report are clustering, classification, and visualization, as well as a new logic-based approach to evaluate theories about the vulnerability space.