ThreatZoom: Hierarchical neural network for CVEs to CWEs classification

Ehsan Aghaei; Waseem Shadid; Ehab Al-Shaer

doi:10.1007/978-3-030-63086-7_2

ThreatZoom: Hierarchical neural network for CVEs to CWEs classification

Ehsan Aghaei^*
, Waseem Shadid
, Ehab Al-Shaer

^*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

15 Scopus citations

Abstract

The Common Vulnerabilities and Exposures (CVE) represent standard means for sharing publicly known information security vulnerabilities. One or more CVEs are grouped into the Common Weakness Enumeration (CWE) classes for the purpose of understanding the software or configuration flaws and potential impacts enabled by these vulnerabilities and identifying means to detect or prevent exploitation. As the CVE-to-CWE classification is mostly performed manually by domain experts, thousands of critical and new CVEs remain unclassified, yet they are unpatchable. This significantly limits the utility of CVEs and slows down proactive threat mitigation tremendously. This paper presents ThreatZoom, as the first automatic tool to classify CVEs to CWEs. ThreatZoom uses a novel learning algorithm that employs an adaptive hierarchical neural network that adjusts its weights based on text analytic scores and classification errors. It automatically estimates the CWE classes corresponding to a CVE instance using both statistical and semantic features extracted from the description of a CVE. This tool is rigorously tested by various datasets provided by MITRE and the National Vulnerability Database (NVD). The accuracy of classifying CVE instances to their correct CWE classes is 92 % (fine-grain) and 94 % (coarse-grain) for NVD dataset, and 75 % (fine-grain) and 90 % (coarse-grain) for MITRE dataset, despite the small corpus.

Original language	English
Title of host publication	Security and Privacy in Communication Networks - 16th EAI International Conference, SecureComm 2020, Proceedings
Editors	Noseong Park, Kun Sun, Sara Foresti, Kevin Butler, Nitesh Saxena
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	23-41
Number of pages	19
ISBN (Print)	9783030630850
DOIs	https://doi.org/10.1007/978-3-030-63086-7_2
State	Published - 2020
Externally published	Yes
Event	16th International Conference on Security and Privacy in Communication Networks, SecureComm 2020 - Washington, United States Duration: 21 Oct 2020 → 23 Oct 2020

Publication series

Name	Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST
Volume	335
ISSN (Print)	1867-8211

Conference

Conference	16th International Conference on Security and Privacy in Communication Networks, SecureComm 2020
Country/Territory	United States
City	Washington
Period	21/10/20 → 23/10/20

Bibliographical note

Publisher Copyright:
© ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2020.

Keywords

CVE to CWE classification
Hierarchical neural network
Proactive cyber defense
Vulnerability analysis

ASJC Scopus subject areas

Computer Networks and Communications

Access to Document

10.1007/978-3-030-63086-7_2

Cite this

Aghaei, E., Shadid, W., & Al-Shaer, E. (2020). ThreatZoom: Hierarchical neural network for CVEs to CWEs classification. In N. Park, K. Sun, S. Foresti, K. Butler, & N. Saxena (Eds.), Security and Privacy in Communication Networks - 16th EAI International Conference, SecureComm 2020, Proceedings (pp. 23-41). (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST; Vol. 335). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-030-63086-7_2

Aghaei, Ehsan ; Shadid, Waseem ; Al-Shaer, Ehab. / ThreatZoom : Hierarchical neural network for CVEs to CWEs classification. Security and Privacy in Communication Networks - 16th EAI International Conference, SecureComm 2020, Proceedings. editor / Noseong Park ; Kun Sun ; Sara Foresti ; Kevin Butler ; Nitesh Saxena. Springer Science and Business Media Deutschland GmbH, 2020. pp. 23-41 (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST).

@inproceedings{646d654e027a418d9d75ecf392b81185,

title = "ThreatZoom: Hierarchical neural network for CVEs to CWEs classification",

abstract = "The Common Vulnerabilities and Exposures (CVE) represent standard means for sharing publicly known information security vulnerabilities. One or more CVEs are grouped into the Common Weakness Enumeration (CWE) classes for the purpose of understanding the software or configuration flaws and potential impacts enabled by these vulnerabilities and identifying means to detect or prevent exploitation. As the CVE-to-CWE classification is mostly performed manually by domain experts, thousands of critical and new CVEs remain unclassified, yet they are unpatchable. This significantly limits the utility of CVEs and slows down proactive threat mitigation tremendously. This paper presents ThreatZoom, as the first automatic tool to classify CVEs to CWEs. ThreatZoom uses a novel learning algorithm that employs an adaptive hierarchical neural network that adjusts its weights based on text analytic scores and classification errors. It automatically estimates the CWE classes corresponding to a CVE instance using both statistical and semantic features extracted from the description of a CVE. This tool is rigorously tested by various datasets provided by MITRE and the National Vulnerability Database (NVD). The accuracy of classifying CVE instances to their correct CWE classes is 92 \% (fine-grain) and 94 \% (coarse-grain) for NVD dataset, and 75 \% (fine-grain) and 90 \% (coarse-grain) for MITRE dataset, despite the small corpus.",

keywords = "CVE to CWE classification, Hierarchical neural network, Proactive cyber defense, Vulnerability analysis",

author = "Ehsan Aghaei and Waseem Shadid and Ehab Al-Shaer",

note = "Publisher Copyright: {\textcopyright} ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2020.; 16th International Conference on Security and Privacy in Communication Networks, SecureComm 2020 ; Conference date: 21-10-2020 Through 23-10-2020",

year = "2020",

doi = "10.1007/978-3-030-63086-7\_2",

language = "English",

isbn = "9783030630850",

series = "Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "23--41",

editor = "Noseong Park and Kun Sun and Sara Foresti and Kevin Butler and Nitesh Saxena",

booktitle = "Security and Privacy in Communication Networks - 16th EAI International Conference, SecureComm 2020, Proceedings",

address = "Germany",

}

Aghaei, E, Shadid, W & Al-Shaer, E 2020, ThreatZoom: Hierarchical neural network for CVEs to CWEs classification. in N Park, K Sun, S Foresti, K Butler & N Saxena (eds), Security and Privacy in Communication Networks - 16th EAI International Conference, SecureComm 2020, Proceedings. Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST, vol. 335, Springer Science and Business Media Deutschland GmbH, pp. 23-41, 16th International Conference on Security and Privacy in Communication Networks, SecureComm 2020, Washington, United States, 21/10/20. https://doi.org/10.1007/978-3-030-63086-7_2

ThreatZoom: Hierarchical neural network for CVEs to CWEs classification. / Aghaei, Ehsan; Shadid, Waseem; Al-Shaer, Ehab.
Security and Privacy in Communication Networks - 16th EAI International Conference, SecureComm 2020, Proceedings. ed. / Noseong Park; Kun Sun; Sara Foresti; Kevin Butler; Nitesh Saxena. Springer Science and Business Media Deutschland GmbH, 2020. p. 23-41 (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST; Vol. 335).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - ThreatZoom

T2 - 16th International Conference on Security and Privacy in Communication Networks, SecureComm 2020

AU - Aghaei, Ehsan

AU - Shadid, Waseem

AU - Al-Shaer, Ehab

N1 - Publisher Copyright: © ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2020.

PY - 2020

Y1 - 2020

N2 - The Common Vulnerabilities and Exposures (CVE) represent standard means for sharing publicly known information security vulnerabilities. One or more CVEs are grouped into the Common Weakness Enumeration (CWE) classes for the purpose of understanding the software or configuration flaws and potential impacts enabled by these vulnerabilities and identifying means to detect or prevent exploitation. As the CVE-to-CWE classification is mostly performed manually by domain experts, thousands of critical and new CVEs remain unclassified, yet they are unpatchable. This significantly limits the utility of CVEs and slows down proactive threat mitigation tremendously. This paper presents ThreatZoom, as the first automatic tool to classify CVEs to CWEs. ThreatZoom uses a novel learning algorithm that employs an adaptive hierarchical neural network that adjusts its weights based on text analytic scores and classification errors. It automatically estimates the CWE classes corresponding to a CVE instance using both statistical and semantic features extracted from the description of a CVE. This tool is rigorously tested by various datasets provided by MITRE and the National Vulnerability Database (NVD). The accuracy of classifying CVE instances to their correct CWE classes is 92 % (fine-grain) and 94 % (coarse-grain) for NVD dataset, and 75 % (fine-grain) and 90 % (coarse-grain) for MITRE dataset, despite the small corpus.

AB - The Common Vulnerabilities and Exposures (CVE) represent standard means for sharing publicly known information security vulnerabilities. One or more CVEs are grouped into the Common Weakness Enumeration (CWE) classes for the purpose of understanding the software or configuration flaws and potential impacts enabled by these vulnerabilities and identifying means to detect or prevent exploitation. As the CVE-to-CWE classification is mostly performed manually by domain experts, thousands of critical and new CVEs remain unclassified, yet they are unpatchable. This significantly limits the utility of CVEs and slows down proactive threat mitigation tremendously. This paper presents ThreatZoom, as the first automatic tool to classify CVEs to CWEs. ThreatZoom uses a novel learning algorithm that employs an adaptive hierarchical neural network that adjusts its weights based on text analytic scores and classification errors. It automatically estimates the CWE classes corresponding to a CVE instance using both statistical and semantic features extracted from the description of a CVE. This tool is rigorously tested by various datasets provided by MITRE and the National Vulnerability Database (NVD). The accuracy of classifying CVE instances to their correct CWE classes is 92 % (fine-grain) and 94 % (coarse-grain) for NVD dataset, and 75 % (fine-grain) and 90 % (coarse-grain) for MITRE dataset, despite the small corpus.

KW - CVE to CWE classification

KW - Hierarchical neural network

KW - Proactive cyber defense

KW - Vulnerability analysis

UR - https://www.scopus.com/pages/publications/85098242022

U2 - 10.1007/978-3-030-63086-7_2

DO - 10.1007/978-3-030-63086-7_2

M3 - Conference contribution

AN - SCOPUS:85098242022

SN - 9783030630850

T3 - Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST

SP - 23

EP - 41

BT - Security and Privacy in Communication Networks - 16th EAI International Conference, SecureComm 2020, Proceedings

A2 - Park, Noseong

A2 - Sun, Kun

A2 - Foresti, Sara

A2 - Butler, Kevin

A2 - Saxena, Nitesh

PB - Springer Science and Business Media Deutschland GmbH

Y2 - 21 October 2020 through 23 October 2020

ER -

Aghaei E, Shadid W, Al-Shaer E. ThreatZoom: Hierarchical neural network for CVEs to CWEs classification. In Park N, Sun K, Foresti S, Butler K, Saxena N, editors, Security and Privacy in Communication Networks - 16th EAI International Conference, SecureComm 2020, Proceedings. Springer Science and Business Media Deutschland GmbH. 2020. p. 23-41. (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST). doi: 10.1007/978-3-030-63086-7_2

ThreatZoom: Hierarchical neural network for CVEs to CWEs classification

Abstract

Publication series

Conference

Bibliographical note

Keywords

ASJC Scopus subject areas

Access to Document

Fingerprint

Cite this