Enhanced (cyber) situational awareness: Using interpretable principal component analysis (iPCA) to automate vulnerability severity scoring

Abstract

The Common Vulnerability Scoring System (CVSS) is widely used in the cybersecurity industry to assess the severity of vulnerabilities. However, manual assessments and human error can lead to delays and inconsistencies. This study employs situational awareness theory to develop an automated decision support system, integrating perception, comprehension, and projection components to enhance effectiveness. Specifically, an interpretable principal component analysis (iPCA) combined with machine learning is utilized to forecast CVSS scores using text descriptions from the Common Vulnerabilities and Exposures (CVE) database. Different forecasting approaches, including traditional machine learning models, Long-Short Term Memory Neural Networks, and Transformer architectures (ChatGPT) are compared to determine the best performance. The results show that iPCA combined with support vector regression achieves a high performance (R² = 98%) in predicting CVSS scores using CVE text descriptions. The results indicate that the variability, length, and details in the vulnerability description contribute to the performance of the transformer model. These findings are consistent across vulnerability descriptions from six companies between 2017 and 2019. The study's outcomes have the potential to enhance organizations' security posture, improving situational awareness and enabling better managerial decision-making in cybersecurity.