loading
Papers Papers/2022 Papers Papers/2022

Research.Publish.Connect.

Paper

Authors: Emil Wåreus 1 ; 2 ; Anton Duppils 1 ; Magnus Tullberg 1 and Martin Hell 2

Affiliations: 1 Debricked AB, Malmö, Sweden ; 2 Dept. of Electrical and Information Technology, Lund University, Lund, Sweden

Keyword(s): Machine Learning, Open-Source Software, Vulnerabilities, Semi-supervised Learning, Classification.

Abstract: Open-Source Software (OSS) is increasingly common in industry software and enables developers to build better applications, at a higher pace, and with better security. These advantages also come with the cost of including vulnerabilities through these third-party libraries. The largest publicly available database of easily machine-readable vulnerabilities is the National Vulnerability Database (NVD). However, reporting to this database is a human-dependent process, and it fails to provide an acceptable coverage of all open source vulnerabilities. We propose the use of semi-supervised machine learning to classify issues as security-related to provide additional vulnerabilities in an automated pipeline. Our models, based on a Hierarchical Attention Network (HAN), outperform previously proposed models on our manually labelled test dataset, with an F1 score of 71%. Based on the results and the vast number of GitHub issues, our model potentially identifies about 191 036 security-related i ssues with prediction power over 80%. (More)

CC BY-NC-ND 4.0

Sign In Guest: Register as new SciTePress user now for free.

Sign In SciTePress user: please login.

PDF ImageMy Papers

You are not signed in, therefore limits apply to your IP address 18.220.200.197

In the current month:
Recent papers: 100 available of 100 total
2+ years older papers: 200 available of 200 total

Paper citation in several formats:
Wåreus, E.; Duppils, A.; Tullberg, M. and Hell, M. (2022). Security Issue Classification for Vulnerability Management with Semi-supervised Learning. In Proceedings of the 8th International Conference on Information Systems Security and Privacy - ICISSP; ISBN 978-989-758-553-1; ISSN 2184-4356, SciTePress, pages 84-95. DOI: 10.5220/0010813000003120

@conference{icissp22,
author={Emil Wåreus. and Anton Duppils. and Magnus Tullberg. and Martin Hell.},
title={Security Issue Classification for Vulnerability Management with Semi-supervised Learning},
booktitle={Proceedings of the 8th International Conference on Information Systems Security and Privacy - ICISSP},
year={2022},
pages={84-95},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0010813000003120},
isbn={978-989-758-553-1},
issn={2184-4356},
}

TY - CONF

JO - Proceedings of the 8th International Conference on Information Systems Security and Privacy - ICISSP
TI - Security Issue Classification for Vulnerability Management with Semi-supervised Learning
SN - 978-989-758-553-1
IS - 2184-4356
AU - Wåreus, E.
AU - Duppils, A.
AU - Tullberg, M.
AU - Hell, M.
PY - 2022
SP - 84
EP - 95
DO - 10.5220/0010813000003120
PB - SciTePress