Advancing Vulnerability Classification with BERT: A Multi-Objective Learning Model
This provides a scalable, open-source tool for cybersecurity practitioners to automate vulnerability triage, though it is incremental as it applies an existing method to a specific domain.
The paper tackles automated classification of cybersecurity vulnerabilities by developing a BERT-based model that predicts severity and types from CVE reports, achieving decreasing evaluation loss across epochs in experiments on NVD data.
The rapid increase in cybersecurity vulnerabilities necessitates automated tools for analyzing and classifying vulnerability reports. This paper presents a novel Vulnerability Report Classifier that leverages the BERT (Bidirectional Encoder Representations from Transformers) model to perform multi-label classification of Common Vulnerabilities and Exposures (CVE) reports from the National Vulnerability Database (NVD). The classifier predicts both the severity (Low, Medium, High, Critical) and vulnerability types (e.g., Buffer Overflow, XSS) from textual descriptions. We introduce a custom training pipeline using a combined loss function-Cross-Entropy for severity and Binary Cross-Entropy with Logits for types-integrated into a Hugging Face Trainer subclass. Experiments on recent NVD data demonstrate promising results, with decreasing evaluation loss across epochs. The system is deployed via a REST API and a Streamlit UI, enabling real-time vulnerability analysis. This work contributes a scalable, open-source solution for cybersecurity practitioners to automate vulnerability triage.