Paper Title : SOFTWARE VULNERABILITY CLASSIFICATION MODEL USING NEURAL NETWORK

ISSN : 2394-2231
Year of Publication : 2022

10.5281/zenodo.6387693

Authors: Ms. N. Zahira Jahan M.C.A., M.Phil., S. Madeshwaran

         



MLA Style: SOFTWARE VULNERABILITY CLASSIFICATION MODEL USING NEURAL NETWORK " Ms. N. Zahira Jahan M.C.A., M.Phil., S. Madeshwaran " Volume 9 - Issue 2 International Journal of Computer Techniques (IJCT) ,ISSN:2394-2231 , www.ijctjournal.org

APA Style: SOFTWARE VULNERABILITY CLASSIFICATION MODEL USING NEURAL NETWORK " Ms. N. Zahira Jahan M.C.A., M.Phil., S. Madeshwaran " Volume 9 - Issue 2 International Journal of Computer Techniques (IJCT) ,ISSN:2394-2231 , www.ijctjournal.org

Abstract
Security risks are caused mainly due to software vulnerabilities. If any vulnerability is exploited due to a malicious attack, it will greatly compromise the system’s safety. It may even create catastrophic losses. So, automatic classification methods are enviable for effective management of vulnerability in software, thereby improving security performance of the system. It will reduce the risk of system being attacked and spoiled. In this study, a new model has been proposed named automatic vulnerability classification model (IGTF-DNN) Information Gain based on Term Frequency - Deep Neural Network. The model is built using information gain (IG) which is based on frequency-inverse document frequency (TF-IDF), and deep neural network (DNN): TF-IDF is used for calculating frequency/weight of words prepared from vulnerability description; Information Gain is used to select features for gathering optimal set of feature words. Then deep neural network model is used to construct an automatic vulnerability classifier to achieve effective vulnerability classification. The National Vulnerability Database of the United States has been used to test proposed model’s effectiveness. Compared to KNN, the TFI-DNN model has achieved better performance in evaluation indexes which includes precision and recall measures

Reference
[1] R. P. Abbott, J. S. Chin, J. E. Donnelley, W. L. Konigsford, S. Tokubo, and D. A. Webb, Security Analysis and Enhancements of Computer Operating Systems. Washington, DC, USA: US Department of Commerce, 1976. [2] I. R. Bisbey and D. Hollingworth, Protection Analysis: Final Report. Marina Del Rey, CA, USA: Univ. of Southern California, 1978. [3] A. Gray, “An historical perspective of software vulnerability management,” Inf. Secur. Tech. Rep., vol. 8, no. 4, pp. 34–44, 2003. [4] P. J. Kim, ‘‘An analytical study on automatic classification of domestic journal articles based on machine learning,’’ J. Korean Soc. Inf. Manage., vol. 35, no. 2, pp. 37–62, 2018. [5] B. Shua, H. Li, M. Li, Q. Zhang, and C. Tang, “Automatic classification for vulnerability based on machine learning,” in Proc.IEEEInt.Conf.Inf. Automat. (ICIA), Aug. 2013, pp. 312–318. [6] D. Wijayasekara, M. Manic, and M. McQueen, “Vulnerability identification and classification via text mining bug databases,” in Proc.40th Annu. Conf. IEEE Ind. Electron. Soc., Nov. 2014, pp. 3612–3618. [7] S. Na, T. Kim, and H. Kim, “A study on the classification of common vulnerabilities and exposures using Naïve Bayes,” in Proc. Int. Conf. Broadband Wireless Comput., Commun. Appl. Cham, Switzerland: Springer, 2016, pp. 657–662. [8] M. Gawron, F. Cheng, and C. Meinel, “Automatic vulnerability classification using machine learning,” Proc. Int. Conf. Risks Secur. Internet Syst. Cham, Springer, 2017, pp. 3–17. [9] J. Deng, W. Dong, R. Socher, L.-J. Li, K. Li, and L. Fei-Fei, “ImageNet: A large-scale hierarchical image database,” in Proc. IEEE Conf. Comput. Vis. Pattern Recognit., Jun. 2009, pp. 248–255. [10] O. Russakovsky et al., “ImageNet large scale visual recognition challenge,” Int. J. Comput. Vis. vol. 115, no. 3, pp. 211–252, 2015. [11] W. Xiong et al., “Toward human parity in conversational speech recognition,” IEEE/ACM Trans. Audio Speech Lang. Process., vol. 25, no. 12. PP. 2410– 2423, Dec. 2017. [12] A. Krizhevsky, I. Sutskever, G. E. Hinton, ‘‘ImageNet classification with deep convolutional neural networks,” in Proc. Adv. Neural Inf. Proc. Syst., 2012, pp. 1097–1105. [13] D. Silveretal., “Mastering the game of Go with deep neural networks and tree search,” Nature vol. 529, pp. 484– 489, Jan. 2016. [14] M. Iyyer, V. Manjunatha, J. Boyd-Graber, and H. Daum,”Deep unordered composition rivals syntactic methods for text classification,” in Proc. 53rd Annu. Meeting Assoc. Comput. Linguistics 7th Int. Joint Conf. Natural Lang. Process., 2015, pp. 1681–1691. [15] H. Jo, J.-H. Kim, K.-M. Kim, J.-Ho Chang, J.-H. Eom, and B-T. Zhang, ‘‘Large-scale text classification with deep neural networks,” Comput. Congnit., vol. 23, no. 5, pp. 322–327, 2016. [16] W. Aziguli et al., ‘‘A robust text classifier based on denoising deep neural network in the analysis of big data,’’ Sci. Program., vol. 2017, 2017, pp. 1–10

Keywords
— Software Engineering, Software Vulnerability, Deep Neural Network, Information Gain.