Intelligent Prediction of Vulnerability Severity Level Based on Text Mining and XGBboost

Abstract

Vulnerabilities have always been important factors threatening the security of information systems. The endless vulnerabilities pose a huge threat to the social economy and public privacy. The vulnerability database provides abundant materials for researchers to study the threat of vulnerabilities, while mining the text information of the database and obtaining valuable information can help to grasp the severity level of the vulnerability. Based on the textual description of vulnerabilities in the database, we first use text mining to extract main features. Then we utilize principal component analysis to gather sparse features which take sparse characteristic into consideration. Finally we use XGBoost to intelligently predict the severity level of vulnerabilities and compare them with the results of other machine learning methods based on same extracted features. The experiment on real-world vulnerability text description show the effectiveness of our method.