Common Vulnerability Scoring System Prediction based on Open Source Intelligence Information Sources
This work addresses the time-consuming manual assessment of vulnerabilities for cybersecurity experts, but it is incremental as it builds on existing machine learning approaches by adding new text sources.
The paper tackled the problem of predicting Common Vulnerability Scoring System (CVSS) vectors by analyzing publicly available web pages referenced in the National Vulnerability Database through web scraping, and while the overall influence of additional texts was negligible, they outperformed state-of-the-art with their Deep Learning models.
The number of newly published vulnerabilities is constantly increasing. Until now, the information available when a new vulnerability is published is manually assessed by experts using a Common Vulnerability Scoring System (CVSS) vector and score. This assessment is time consuming and requires expertise. Various works already try to predict CVSS vectors or scores using machine learning based on the textual descriptions of the vulnerability to enable faster assessment. However, for this purpose, previous works only use the texts available in databases such as National Vulnerability Database. With this work, the publicly available web pages referenced in the National Vulnerability Database are analyzed and made available as sources of texts through web scraping. A Deep Learning based method for predicting the CVSS vector is implemented and evaluated. The present work provides a classification of the National Vulnerability Database's reference texts based on the suitability and crawlability of their texts. While we identified the overall influence of the additional texts is negligible, we outperformed the state-of-the-art with our Deep Learning prediction models.