Automated Mapping of CVE Vulnerability Records to MITRE CWE Weaknesses: An NLP Parser
Haddad, Ashraf
Haddad, Ashraf
Author
Supervisor
Department
Machine Learning
Embargo End Date
Type
Thesis
Date
2023
License
Language
English
Collections
Research Projects
Organizational Units
Journal Issue
Abstract
The thesis is aims to provide a tool to streamline up the analysis of vulnerabilities reports in the cyber security domain. An AI model facilitating the task of threat analysis by a human expert. In recent years, a proliferation of cyber-security threats and diversity has been on the rise culminating in an increase in their reporting and analysis. To counter that, many non-profit organizations have emerged in this domain, such as MITRE and OSWAP, which have been actively tracking vulnerabilities, and publishing defense recommendations in standardized formats. As producing data in such formats manually is very time-consuming, there have been some proposals to automate the process. Unfortunately, a major obstacle to adopting supervised machine learning for this problem has been the lack of publicly available specialized datasets. Here, we aim to bridge this gap. In particular, we focus on mapping CVE records into MITRE CWE Weaknesses, and we release to the research community a manually annotated dataset of 4,012 records for this task. With a human-in-the-loop framework in mind, we approach the problem as a ranking task and aim to incorporate reinforced learning to make use of the human feedback in future work. Our experimental results using fine-tuned deep learning models, namely Sentence-BERT and rankT5, show sizable performance gains over BM25, BERT, and RoBERTa, which demonstrates the need for an architecture capable of good semantic understanding for this task.
Citation
A. Haddad, "Automated Mapping of CVE Vulnerability Records to MITRE CWE Weaknesses: An NLP Parser", M.S. Thesis, Machine Learning, MBZUAI, Abu Dhabi, UAE, 2023.