
ASVC: An Automatic Security Vulnerability Categorization Framework Based on Novel Features of Vulnerability Data

Tao Wen¹, Yuqing Zhang¹,², Qianru Wu², and Gang Yang²
1. State Key Laboratory of Integrated Services Networks, Xidian University, Xi’an 710071, China
2. National Computer Network Intrusion Protection Center, University of Chinese Academy of Sciences, Beijing 101408, China

Abstract — Security vulnerabilities are a main cause of network security problems. Vulnerability classification gives us a better understanding of the essence of vulnerabilities, which helps in proposing efficient solutions. However, applying a Vulnerability Categorization Standard (VCS) to categorize vulnerabilities manually is impracticable, since it is time-consuming and subjective. To address this issue, a new framework named Automatic Security Vulnerabilities Categorization Framework (ASVC) is proposed, based on Text Mining. To further improve accuracy, a new rule for extracting Text Mining features is proposed. ASVC abstracts the categorization of vulnerabilities into a Text Mining process and categorizes vulnerabilities automatically according to a VCS. Finally, using ASVC, the VCS of Common Weakness Enumeration is applied to a main vulnerability database at a rate of about 1000 vulnerabilities per hour. The accuracy of the categorization is 82.5%, 4.5% higher than in previous work.

Index Terms—Security vulnerability, vulnerability categorization, vulnerability database, information security, ASVC, text mining

Cite: Tao Wen, Yuqing Zhang, Qianru Wu, and Gang Yang, "ASVC: An Automatic Security Vulnerability Categorization Framework Based on Novel Features of Vulnerability Data," Journal of Communications, vol. 10, no. 2, pp. 107-116, 2015. doi: 10.12720/jcm.10.2.107-116