用XLNet发现软件漏洞[Appl. Sci.专栏第二篇发表论文]
周涛  |  2022-09-08  |  科学网  |  363次阅读

我在Applied Sciences(综合性、交叉性期刊,CiteScore=3.70IF=2.84)组织了一个Special Issue,大题目是“大数据分析进展”,比较宽泛。该专栏的推出主要是为了回应因为可获取数据和数据分析的平台、工具的快速增长给自然科学和社会科学带来的重大影响。我们特别欢迎(但不限于)下面四类稿件:(1)数据分析中的基础理论分析,例如一个系统的可预测性(比如时间序列的可预测性)、分类问题的最小误差分析、各种数据挖掘结果的稳定性和可信度分析;(2)数据分析的新方法,例如挖掘因果关系的新方法(这和Topic 1也是相关的)、多模态分析的新方法、隐私计算的新方法等等;(3)推出新的、高价值的数据集、数据分析平台、数据分析工具等等;(4)把大数据分析的方法用到自然科学和社会科学的各个分支(并获得洞见),我们特别喜欢用到那些原来定量化程度不高的学科。

投稿链接:https://www.mdpi.com/journal/applsci/special_issues/75Y7F7607U 

投稿截止时期为20221220日,我们处理稿件非常快,欢迎大家投稿支持。


即第一篇论文之后,第二篇论文也已经正式发表


XLNet-Based Prediction Model for CVSS Metric Values

Abstract

A plethora of software vulnerabilities are exposed daily, posing a severe threat to the Internet. It is almost impossible for security experts or software developers to deal with all vulnerabilities. Therefore, it is imperative to rapidly assess the severity of the vulnerability to be able to select which one should be given preferential attention. CVSS is now the industry’s de facto evaluation standard, which is calculated with a quantitative formula to measure the severity of a vulnerability. The CVSS formula consists of several metrics related to the vulnerability’s features. Security experts need to determine the values of each metric, which is tedious and time-consuming, therefore hindering the efficiency of severity assessment. To address this problem, in this paper, we propose a method based on a pre-trained model for the prediction of CVSS metric values. More specifically, this method utilizes the XLNet model that is fine-tuned with a self-built corpus to predict the metric values from the vulnerability description text, thus reducing the burden of the assessment procedure. To verify the performance of our method, we compare the XLNet model with other pre-trained models and conventional machine learning techniques. The experimental results show that the method outperforms these models on evaluation metrics, reaching state-of-the-art performance levels


论文免费下载链接:

https://www.mdpi.com/2076-3417/12/18/8983 




文章原载于作者的科学网文章,所述内容属作者个人观点,不代表本平台立场。
本文经过系统重新排版,阅读原内容可点击 阅读原文