Automatic Classification of Computer Vulnerability Based on S-C Feature Extraction

doi:10.3778/j.issn.1673-9418.1908022

Abstract

Abstract:

In recent years, the number of unknown computer vulnerabilities has increased rapidly. It is an important and unsolved problem for analyzing and classifying a large number of vulnerability data timely and accurately. Therefore, this paper proposes a text classification method for computer vulnerability description information based on information entropy and comprehensive function[(S-C)]feature extraction and combines the averaged one-dependence estimators (AODE) classifier. First, the feature words are extracted by the[S-C]feature extraction method. By combining the comprehensive function[C]of the importance degree between classes and within classes of words, the importance degree of words to classes is calculated. Then, the information entropy[S]of words to classes is used to weaken the importance of words with chaotic classification and an accurate feature set is selected. Finally, the vulnerability data set is classified by using AODE which relates the relationship between feature word sets. The experimental comparison shows that the[S-C]feature extraction method can extract the accurate feature word set, and the classification accuracy combined with AODE classifier is higher than traditional classifier model.

Key words: computer vulnerability, text classification, feature extraction, information entropy

摘要：

近年来未知的计算机漏洞数量呈海量增长状态，对于大量的漏洞数据进行及时准确的分析和分类管理，是十分重要且有待解决的问题。因此，提出一种基于信息熵与综合函数[（S-C）]特征提取，并利用关联了特征词集间相互关系的平均一阶依赖贝叶斯模型（AODE）分类器的分类方法对计算机漏洞描述信息进行文本分类。首先，利用[S-C]特征提取法提取特征词。通过结合词语的类间重要程度和类内重要程度的综合函数[C]，计算出词语对于类别的重要程度。再利用词语对于类别间的信息熵[S]，来弱化对于分类较为混乱的词语的重要程度，选取得到准确的特征词集。最后，利用关联了特征词集间相互关系的AODE对漏洞数据集进行分类。通过实验对比表明，[S-C]特征提取法能够提取准确的特征词集，并且结合AODE分类器的分类准确率要高于传统的分类器模型。

关键词: 计算机漏洞, 文本分类, 特征提取, 信息熵

REN Jiadong, WANG Qian, WANG Fei, LI Yazhou, LIU Jiaxin. Automatic Classification of Computer Vulnerability Based on S-C Feature Extraction[J]. Journal of Frontiers of Computer Science and Technology, 2020, 14(7): 1173-1182.

任家东，王倩，王菲，李亚洲，刘佳新. S-C特征提取的计算机漏洞自动分类算法[J]. 计算机科学与探索, 2020, 14(7): 1173-1182.

References

[1] Burkhardt S, Kramer S. Online multi-label dependency topic models for text classification[J]. Machine Learning, 2018, 107(5): 859-886.
[2] Jun K P. An analytical study on automatic classification of domestic journal articles based on machine learning[J]. Jou-rnal of the Korean Society for Information Management, 2018, 35(2): 37-62.
[3] Baharum B, Lee L H, Khairullah K, et al. A review of mach-ine learning algorithms for text-documents classification[J]. Journal of Advances in Information Technology, 2010, 1(1): 4-20.
[4] Li X D, Chang X L, Board J A, et al. A novel approach for software vulnerability classification[C]//Proceedings of the 2017 Annual Reliability and Maintainability Symposium, Orlando, Jan 23-26, 2017. Piscataway: IEEE, 2017: 1-7.
[5] Gawron M, Cheng F, Meinel C. Automatic vulnerability class-ification using machine learning[C]//LNCS 10694: Proceed-ings of the 12th International Conference on Risks & Secu-rity of Internet & Systems, Dinard, Sep 19-21, 2017. Berlin, Heidelberg: Springer, 2017:?3-17.
[6] Shuai B, Li H F, Li M J, et al. Automatic classification for vulnerability based on machine learning[C]//Proceedings of the 2013 IEEE International Conference on Information & Automation, Yinchuan, Aug 26-28, 2013. Piscataway: IEEE, 2013: 312-318.
[7] Davari M, Zulkernine M, Jaafar F. An automatic software vulnerability classification framework[C]//Proceedings of the 2017 International Conference on Software Security and Assurance, Altoona, Jul 24-25, 2017. Washington: IEEE Com-puter Society, 2017: 44-49.
[8] Zhang H, Lv K, Hu C Z. An automatic vulnerabilities class-ification method based on their relevance[C]//LNCS 10394: Proceedings of the 11th International Conference on Network & System Security, Helsinki, Aug 21-23, 2017. Berlin, Hei-delberg: Springer, 2017: 478-485.
[9] Guru D S, Suhil M, Raju L N, et al. An alternative frame-work for univariate filter based feature selection for text categorization[J]. Pattern Recognition Letters, 2018, 103: 23-31.
[10] Zheng K F, Wang X J. Feature selection method with joint maximal information entropy between features and class[J]. Pattern Recognition, 2018, 77: 20-29.
[11] Ying C, Sun L J, Chong H, et al. Improved side information generation algorithm based on naive Bayesian theory for distributed video coding[J]. IET Image Processing, 2018, 12(3): 354-360.
[12] Wu J, Pan S R, Zhu X Q, et al. SODE: self-adaptive one-dependence estimators for classification[J]. Pattern Recogni-tion, 2016, 51: 358-377.
[13] Qin P D, Xu W R, Guo J. A novel negative sampling based on TFIDF for learning word representation[J]. Neurocom-puting, 2016, 177: 257-265.
[14] Shi B, Han L X, Yan H. Adaptive clustering algorithm based on kNN and density[J]. Pattern Recognition Letters, 2018, 104: 37-44.
[15] Schetinin V, Jakaite L, Krzanowski W J. Bayesian averaging over decision tree models: an application for estimating un-certainty in trauma severity scoring[J]. International Jour-nal of Medical Informatics, 2018, 112: 6-14.