An automatic vulnerabilities classification method based on their relevance

Abstract

In this paper, we focus on the need for mining the relevance of computer security vulnerabilities and propose an automatic vulnerability classification method using the relevance. Based on the theory of privilege elevation, we set five privilege levels and use the concept of Prerequisite Privilege (PRE) and Result Privilege (RES) of each vulnerability to illustrate the change of an attacker’s privilege due to the vulnerabilities exploited by the attacker. We design two classifiers - one is based on TFIDF and the other is based on Naive Bayes theory - to automatically find out the PRE and RES of each vulnerability after trained by more than 7000 training data. Finally, we fuse these two classifiers and the experiment results on Linux vulnerability data show that this method has high accuracy and efficiency. Using this method, we successfully exploit the category of each new vulnerability and analyze the relevance between different vulnerabilities.