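% Conference paper from UbiSec 2022 (proceedings published 2023).
% Names are in "Last, First" form. The publisher is double-braced so the
% " and " inside it is not read as a list separator. The DOI is stored bare.
@inproceedings{27b82575115f4fa18a82f75e13aa0a07,
  author    = {Zhang, Zijing and Kumar, Vimal and Mayo, Michael and Bifet, Albert},
  title     = {Assessing Vulnerability from Its Description},
  editor    = {Wang, Guojun and Choo, Kim-Kwang Raymond and Wu, Jie and Damiani, Ernesto},
  booktitle = {Ubiquitous Security - 2nd International Conference, {UbiSec} 2022, Revised Selected Papers},
  series    = {Communications in Computer and Information Science},
  publisher = {{Springer Science and Business Media Deutschland GmbH}},
  pages     = {129--143},
  year      = {2023},
  month     = jan,
  day       = {1},
  doi       = {10.1007/978-981-99-0272-9_9},
  isbn      = {9789819902712},
  language  = {English},
  keywords  = {Artificial Intelligence, CVSS, Deep Learning, Natural Language Processing, Threat Intelligence},
  abstract  = {This paper shows an end-to-end Artificial Intelligence (AI) system to estimate the severity level and the various Common Vulnerability Scoring System (CVSS) components from natural language descriptions without reproducing the vulnerability. This natural language processing-based approach can estimate the CVSS from only the Common Vulnerabilities and Exposures description without the need to reproduce the vulnerability environment. We present an Error Grid Analysis for the CVSS base score prediction task. Experiments on CVSS 2.0 and CVSS 3.1 show that state-of-the-art deep learning models can predict the CVSS scoring components with high accuracy. The low-cost Universal Sentence Encoder (large) model outperforms the Generative Pre-trained Transformer-3 (GPT-3) and the Support Vector Machine baseline on the majority of the classification tasks with a lower computation overhead than the GPT-3.},
  note      = {Publisher Copyright: {\textcopyright} 2023, The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.; 2nd International Conference on Ubiquitous Security, UbiSec 2022 ; Conference date: 28-12-2022 Through 31-12-2022},
}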