ASVC: An Automatic Security Vulnerability Categorization Framework Based on Novel Features of Vulnerability Data

— Security vulnerabilities are a main cause of network security. Vulnerability classification gives us a better understanding of the essence of vulnerabilities, which help propose efficient solutions. However, applying Vulnerability Categorization Standard (VCS) to manually categorize vulnerabilities is impracticable since it is time-consuming and subjective. To address this issue, a new framework named Automatic Security Vulnerabilities Categorization Framework (ASVC) is proposed based on Text Mining. To further improve the accuracy, a new rule for extraction of features of Text Mining is proposed. ASVC abstracts the categorization of vulnerabilities into a process of Text Mining, and categorize vulnerabilities automatically according to a VCS. Finally, VCS of Common Weakness Enumeration is applied to three main Vulnerability Databases based on ASVC in a fast way, about 1000 vulnerabilities per hour. The accuracy of the categorization is 86.8%, 8.3% higher than previous works.