摘要
为解决大规模漏洞分类问题,提出一种基于卷积神经网络(convolutional neural network,CNN)的漏洞自动分类方法,借鉴深度学习的技术思想自动获取漏洞描述的相关局部特征,通过batchnorm规范化数据解决文本训练不稳定问题,进而实现漏洞类型的有效划分.实验表明,与传统方法相比,该方法在漏洞自动分类效率上能够得到显著的提高.
Vulnerability classification technology is an important basis in information security vulnerability research,and is also an important means for effective management and control of vulnerability resources.In order to solve the problem of large-scale classification of vulnerabilities,an automatic vulnerability classification method was proposed based on convolutional neural network.Referring to the thought of deep learning,relevant local features of vulnerability description were acquired automatically,and the unstable problem of text training was solved through batchnorm normalized data,so as to realize the effective classification of vulnerabilities.Experiments show that compared with the traditional method,the efficiency of automatic classification of vulnerabilities can be improved to a certain degree with the proposed method.
作者
曲泷玉
贾依真
郝永乐
QU Long-yu;JIA Yi-zhen;HAO Yong-le(China Information Technology Security Evaluation Center,Beijing 100085,China)
出处
《北京理工大学学报》
EI
CAS
CSCD
北大核心
2019年第7期738-742,共5页
Transactions of Beijing Institute of Technology
关键词
卷积神经网络
漏洞分类
国家信息安全漏洞库
convoputional nered network
vulnerability classification
China national vulnerability database of information security
