A Study on the Classification of Common Vulnerabilities and Exposures using Naïve Bayes

The National Vulnerability Database (NVD) publishes publicly known security vulnerabilities as Common Vulnerabilities and Exposures (CVE) entries. There are a number of CVE entries, but some of them do not provide sufficient information, such as the vulnerability type. In this paper, we propose a method for classifying CVE entries by vulnerability type using a naive Bayes classifier. The classification ability of the method is evaluated on a set of testing data. We can analyze CVE entries that are not yet classified as well as uncategorized vulnerability documents.
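A minimal sketch of the kind of classifier the abstract describes, added here as an illustration and not taken from the paper: a multinomial naive Bayes model over the words of a CVE description. The bag-of-words features, Laplace smoothing, type labels and sample descriptions are all assumptions, since the abstract does not specify them.

```python
import math
import re
from collections import Counter, defaultdict

# Constructed training set: (description, vulnerability type). Labels and texts
# are assumptions for illustration, not data from the paper or from NVD.
TRAIN = [
    ("SQL injection in login.php allows remote attackers to execute arbitrary SQL commands via the id parameter", "sql-injection"),
    ("SQL injection vulnerability in search module allows attackers to execute SQL commands via the query parameter", "sql-injection"),
    ("Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the name field", "xss"),
    ("Stored XSS in comment form allows attackers to inject arbitrary web script via the message field", "xss"),
    ("Stack-based buffer overflow in the parser allows remote attackers to execute arbitrary code via a long string", "buffer-overflow"),
    ("Heap-based buffer overflow allows attackers to cause a denial of service or execute arbitrary code via a crafted file", "buffer-overflow"),
]

def tokenize(text):
    # Lowercase alphabetic tokens; "cross-site" becomes "cross", "site".
    return re.findall(r"[a-z]+", text.lower())

class NaiveBayes:
    def fit(self, samples):
        self.class_docs = Counter()             # documents per class (priors)
        self.word_counts = defaultdict(Counter)  # word frequencies per class
        self.vocab = set()
        for text, label in samples:
            self.class_docs[label] += 1
            for word in tokenize(text):
                self.word_counts[label][word] += 1
                self.vocab.add(word)
        self.n_docs = sum(self.class_docs.values())
        return self

    def log_scores(self, text):
        # Words never seen in training carry no evidence and are skipped.
        words = [w for w in tokenize(text) if w in self.vocab]
        scores = {}
        for label, n in self.class_docs.items():
            denom = sum(self.word_counts[label].values()) + len(self.vocab)
            score = math.log(n / self.n_docs)   # log P(class)
            for w in words:
                # Laplace smoothing keeps P(word | class) non-zero.
                score += math.log((self.word_counts[label][w] + 1) / denom)
            scores[label] = score
        return scores

    def predict(self, text):
        scores = self.log_scores(text)
        return max(scores, key=scores.get)

MODEL = NaiveBayes().fit(TRAIN)
```

`MODEL.predict(description)` returns the most probable type for an unlabeled description; when every word is outside the training vocabulary, the scores reduce to the class priors.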
