A multiclass hybrid approach to estimating software vulnerability vectors and severity score

Journal of Information Security and Applications - Volume 63 - Page 103028 - 2021
Hakan Kekül¹, Burhan Ergen², Halil Arslan³
¹ Institute of Science, Fırat University, Elazığ, Turkey
² Computer Engineering Department, Fırat University, Elazığ, Turkey
³ Computer Engineering Department, Sivas Cumhuriyet University, Sivas, Turkey
