CPE-Identifier: Automated CPE identification and CVE summaries annotation with Deep Learning and NLP
Wanyu Hu, Vrizlynn L. L. Thing
TL;DR
This paper introduces CPE-Identifier, an automated system using deep learning and NLP to accurately extract CPEs from CVE summaries, significantly improving speed and precision over previous methods.
Contribution
The work presents a novel automated CPE annotation system that leverages deep learning and NLP for high accuracy and efficiency, including automated data labeling and new terminology detection.
Findings
Achieved an F1 score of 95.48% in CPE extraction
Outperformed prior methods by over 9% on all metrics
Automated data generation and labeling process implemented
Abstract
With the drastic increase in the number of new vulnerabilities in the National Vulnerability Database (NVD) every year, the workload for NVD analysts to associate the Common Platform Enumeration (CPE) with the Common Vulnerabilities and Exposures (CVE) summaries becomes increasingly laborious and slow. The delay causes organisations, which depend on NVD for vulnerability management and security measurement, to be more vulnerable to zero-day attacks. Thus, it is essential to come out with a technique and tool to extract the CPEs in the CVE summaries accurately and quickly. In this work, we propose the CPE-Identifier system, an automated CPE annotating and extracting system, from the CVE summaries. The system can be used as a tool to identify CPE entities from new CVE text inputs. Moreover, we also automate the data generating and labeling processes using deep learning models. Due to the…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsSemantic Web and Ontologies · Natural Language Processing Techniques
MethodsCollaborative Preference Embedding