Information Extraction of Cybersecurity Concepts: An LSTM Approach

Gasmi, Houssem; Laval, Jannik; Bouras, Abdelaziz

doi:10.3390/app9193945

Cited by 37 publications

(21 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Manual analysis of security vulnerabilities demands high expertise and imposes a huge burden on security analysts, which inevitably limits productivity. Thus, it is extremely useful to automate this process and recommend potentially vulnerable source files to security experts and developers with a given vulnerability description [4]. Hence, POS tagging is one of the early phases to be automated.…”

Section: A Background Of Security Vulnerabilitiesmentioning

confidence: 99%

“…Moreover, decimal numbers "3.0" and "6.5" that respectively follow a product "V 2I Hub" and "W ebAccess" provide critical information about which versions of a product are vulnerable to SQL injection or XSS vulnerabilities. The NLP approaches identify "3.0" and "6.5" as cardinal numbers; however, decimal numbers that follow a software product are expected to be versions of that product and not quantities of it [4]. Hence, in the security vulnerability domain, they are identified as proper nouns.…”

Section: B Motivation By Examplementioning

confidence: 99%

“…1) Unannotated Corpus Preparation: Unlike traditional POS taggers, e.g., the PTB Project [19], a corpus dedicated to security vulnerability research is not widely available [4]. Thus, we begin our work by preparing a corpus of security vulnerabilities from online data sources.…”

Section: A Corpus Preparationmentioning

confidence: 99%

“…to tokens in SVD, is challenging due to its content includes high-level natural language descriptions of the text composed of a mixed language studded with codes, domain-specific jargon, vague language, and averviations [1]. In reality, identifying a tokens functional role within a SVD and annotating each of the tokens with POS tags is useful for a wide scope of downstream applications ranging from domain-specific NER [3], [4] to more sophisticated uses such as security vulnerability systems [5]- [7]. Hence, POS tagging is the foundation of many downstream applications and a prerequisite for a wide range of systems [8].…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Automatic Part-of-Speech Tagging for Security Vulnerability Descriptions

Yitagesu

Zhang

Feng

et al. 2021

2021 IEEE/ACM 18th International Conference on Mining Software Repositories (MSR)

View full text Add to dashboard Cite

In this paper, we study the problem of part-of-speech (POS) tagging for security vulnerability descriptions (SVD). In contrast to newswire articles, SVD often contains a high-level natural language description of the text composed of mixed language studded with codes, domain-specific jargon, vague language, and abbreviations. Moreover, training data dedicated to security vulnerability research is not widely available. Existing neural network-based POS tagging has often relied on manually annotated training data or applying natural language processing (NLP) techniques, suffering from two significant drawbacks. The former is extremely time-consuming and requires labor-intensive feature engineering and expertise. The latter is inadequate to identify linguistically-informed words specific to the SVD domain. In this paper, we propose an automatic approach to assign POS tags to tokens in SVD. Our approach uses the character-level representation to automatically extract orthographic features and unsupervised word embeddings to capture meaningful syntactic and semantic regularities from SVD. The character level representations are then concatenated with the word embedding as a combined feature, which is then learned and used to predict the POS tagging. To deal with the issue of the poor availability of annotated security vulnerability data, we implement a finetuning approach. Our approach provides public access to a POS annotated corpus of ∼8M tokens, which serves as a training dataset in this domain. Our evaluation results show a significant improvement in accuracy (17.72%-28.22%) of POS tagging in SVD over the current approaches.

show abstract

Section: A Background Of Security Vulnerabilitiesmentioning

confidence: 99%

Section: B Motivation By Examplementioning

confidence: 99%

Section: A Corpus Preparationmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Automatic Part-of-Speech Tagging for Security Vulnerability Descriptions

Yitagesu

Zhang

Feng

et al. 2021

2021 IEEE/ACM 18th International Conference on Mining Software Repositories (MSR)

View full text Add to dashboard Cite

show abstract

“…Simran et al proposed a deep-learning-based framework for NER in cybersecurity and evaluated various deep-learning architectures [15]. Gasmi et al proposed an LSTM model for NER and Relation Extraction tasks [16]. Even though, not a deep learning approach Yi et al also proposed cyber-security NER model based on regular expressions and known-entity dictionary [17].…”

Section: Cyber-security Named Entity Recognitionmentioning

confidence: 99%

Quantifying the Significance and Relevance of Cyber-Security Text Through Textual Similarity and Cyber-Security Knowledge Graph

et al. 2020

View full text Add to dashboard Cite

In order to proactively mitigate cyber-security risks, security analysts have to continuously monitor sources of threat information. However, the sheer amount of textual information that needs to be processed is overwhelming, and it requires a great deal of mundane labor to separate the threats from the noise. We propose a novel approach to represent the relevance and significance of the cyber-security text in quantitative numbers. We trained custom Named Entity Recognition (NER) model and constructed a Cybersecurity Knowledge Graph (CKG) to infer the subjective relevance of the cyber-security text to the user and to generate correlation features. In addition, the significance of the given text was analyzed in terms of its textual similarity with different repositories of pre-defined "significant" text and the maximum similarities were computed. These analysis results then act as features of the classifier to generate the significance score. The experimental result showed that the overall system could determine the significance and relevance of the text within a controlled environment with 88% accuracy.

show abstract