Vulnerability Clustering and other Machine Learning Applications of Semantic Vulnerability Embeddings
This work addresses the need for automated tools to analyze vulnerabilities for cybersecurity researchers and analysts, but it appears incremental as it applies existing NLP methods to this domain.
The paper tackled the problem of representing cybersecurity vulnerabilities from natural language descriptions using semantic embeddings, and applied them to clustering, classification, and visualization tasks to support risk assessment.
Cyber-security vulnerabilities are usually published in form of short natural language descriptions (e.g., in form of MITRE's CVE list) that over time are further manually enriched with labels such as those defined by the Common Vulnerability Scoring System (CVSS). In the Vulnerability AI (Analytics and Intelligence) project, we investigated different types of semantic vulnerability embeddings based on natural language processing (NLP) techniques to obtain a concise representation of the vulnerability space. We also evaluated their use as a foundation for machine learning applications that can support cyber-security researchers and analysts in risk assessment and other related activities. The particular applications we explored and briefly summarize in this report are clustering, classification, and visualization, as well as a new logic-based approach to evaluate theories about the vulnerability space.