A software vulnerability automatic classification method based on a deep neural network

Abstract

The invention provides a software vulnerability automatic classification method based on a deep neural network. The method comprises the steps of S1, preprocessing the vulnerability information to form a word set list; S2, calculating the weight of each word in the sample vulnerability description information set by using a TF-IDF algorithm and an IG algorithm to obtain an important feature word set list; S3, generating the word vector space according to the important feature word set list, expressing each piece of vulnerability description information as an m-dimensional vector, wherein m isthe number of feature words in the important feature word set; S4, obtaining a software vulnerability classifier by using the DNN model; and S5, classifying the new vulnerability description information set. According to the method, an automatic deep neural network vulnerability classification model is constructed based on a TF-IDF algorithm and an IG algorithm; the dimension of the high-dimensional word vector space is reduced, the method can adapt to continuously updated software vulnerability data sets, the high dimension and sparsity of the word vector space are effectively processed, andthe better performance is shown in multi-dimensional evaluation indexes such as the accuracy rate, the recall rate and the precision.

Description

technical field [0001] The invention belongs to the field of computer software security, and in particular relates to a method for automatically classifying software vulnerabilities based on a deep neural network. Background technique [0002] With the rapid development of information technology, the application of the Internet and computers has brought great convenience to all walks of life, but also brought huge risks and hidden dangers. In recent years, with the improvement of informatization in various industries, information security issues have become increasingly prominent. Vulnerability refers to the software and hardware defects of the system, which can be illegally exploited by unauthorized personnel. Once the loopholes of the information system are exploited by malicious attacks, the security of the information system will be at great risk, which may cause immeasurable consequences. In recent years, the types and numbers of vulnerabilities have gradually increas...

AI Technical Summary

Problems solved by technology

[0005] However, due to the large number and types of software vulnerabilities, the description information of each vulnerability is relatively small, so that each vulnerability presents the characteristics of high dimensionality and sparseness in the generated word vector space

These automatic vulnerability classification methods based on machine learning algorithms are not very effective in dealing with high-dimensional and sparse problems, and ignore specific vulnerability information, which makes the accuracy of software vulnerability classification not high.

Images