基于概念漂移的软件漏洞评估方法  

SOFTWARE VULNERABILITY ASSESSMENT METHOD BASED ON CONCEPT DRIFT

作  者:张亚平 王勇 Zhang Yaping;Wang Yong(School of Computer Science and Technology,Shanghai University of Electric Power,Shanghai 200000,China)

机构地区:[1]上海电力大学计算机科学与技术学院,上海200000

出  处:《计算机应用与软件》2025年第2期41-47,110,共8页Computer Applications and Software

基  金:国家自然科学基金项目(61772327)。

摘  要:基于自然语言处理的漏洞评估方法存在概念漂移的问题,其原因是随着时间的推移对看不见的软件漏洞的评估缺乏对新术语的适当处理。为了使用软件漏洞的描述执行具有概念漂移的软件漏洞评估,提出一种结合字符和单词特征的方法。此方法用于预测7个漏洞特征,每个漏洞特征的最佳模型是使用基于时间的交叉验证方法从自然语言处理表示和机器学习模型中选择的。实验结果表明,其能有效地解决概念漂移问题,与word-only方法相比其准确度和宏平均F1分数均提高了1.7百分点,加权F1分数提高了1.3百分点,更具有竞争力。The current vulnerability assessment methods based on natural language processing(NLP)have the problem of concept drift.The reason is that the assessment of invisible software vulnerabilities over time lacks proper handling of new terms.To perform an automatic software vulnerability evaluation with conceptual drift using the software vulnerability description,a method combining character and word features is proposed.This method was used to predict 7 vulnerability characteristics,the best model for each vulnerability characteristics were selected from natural language processing representations and machine learning models using time-based cross-validation methods.Experimental results show that it can effectively solve the problem of concept drift.Compared with the word-only method,its accuracy and macro F1-score are improved by 1.7%,and the weighted F1-score is increased by 1.3%,which is more competitive.

关 键 词:概念漂移 自然语言处理 软件漏洞 漏洞评估 

分 类 号:TP393.08[自动化与计算机技术—计算机应用技术]

 

参考文献:

正在载入数据...

 

二级参考文献:

正在载入数据...

 

耦合文献:

正在载入数据...

 

引证文献:

正在载入数据...

 

二级引证文献:

正在载入数据...

 

同被引文献:

正在载入数据...

 

相关期刊文献:

正在载入数据...

相关的主题
相关的作者对象
相关的机构对象