PulseAugur
EN
LIVE 05:18:31

BERT models compared for CVE-to-CWE mapping, taxonomy structure impacts errors

A new research paper explores the effectiveness of different BERT models for mapping Common Vulnerabilities and Exposures (CVE) records to Common Weakness Enumeration (CWE) categories. The study compares multi-class and multi-label classification approaches using BERT Base, SecureBERT, and CySecBERT across various nested label spaces. Results indicate that multi-class training generally yields higher macro-F1 scores, though the gap narrows with smaller label spaces. The research also highlights that the structure of the CWE taxonomy significantly influences classification errors, more so than the choice of encoder. AI

IMPACT This research could improve automated vulnerability analysis by refining how NLP models interpret and categorize security weaknesses.

RANK_REASON The cluster contains a research paper detailing a novel application of NLP models to a cybersecurity classification task. [lever_c_demoted from research: ic=1 ai=1.0]

Read on arXiv cs.LG →

AI-generated summary · Google Gemini · from 1 sources. How we write summaries →

BERT models compared for CVE-to-CWE mapping, taxonomy structure impacts errors

COVERAGE [1]

  1. arXiv cs.LG TIER_1 English(EN) · Jörg Frochte ·

    Multi-Class vs. Multi-Label BERT for CVE-to-CWE Mapping: How Taxonomy Structure Shapes the Errors

    Assigning Common Weakness Enumeration (CWE) categories to Common Vulnerabilities and Exposures (CVE) records remains an important but largely manual step in vulnerability analysis. We study this task as a text classification problem and compare two modelling choices: a \emph{mult…