Research On Vulnerability Severity And Exploitation Possibility Prediction Of Multi-Task Deep Learning

With the rapid development of information technology,cybersecurity issues have become increasingly serious.Vulnerability risk assessment plays a critical role in ensuring cybersecurity.Existing vulnerability warning systems are limited by the constant changes and emergence of vulnerabilities,unable to timely and effectively cope with potential threats,and suffer from severe latency.Based on this,this dissertation mainly targets publicly available vulnerability data,and studies how to accurately predict the severity of vulnerabilities and how to improve the accuracy of vulnerability exploitability prediction,thereby enhancing the accuracy of vulnerability risk assessment and prediction,and alleviating the latency of vulnerability warnings.The specific content includes the following three parts:(1)To address the issue of low accuracy in predicting vulnerability severity,this dissertation proposes a multi-task deep learning method.The central idea hinges on leveraging the benefits of a distilled version of BERT and a bidirectional long short-term memory model.This approach employs pre-trained models to extract features through multi-task learning,trains separate models for each of the 8 indicators of the Common Vulnerability Scoring System using extracted sentence vectors,and then calculates the vulnerability severity score using the Common Vulnerability Scoring System with the 8 prediction results.Experimental results demonstrate that the proposed model significantly outperforms existing methods,exhibiting a noticeable improvement in the F1 value across the 8 indicators of the Common Vulnerability Scoring System.This underscores the effectiveness of applying multi-task deep learning techniques to vulnerability severity prediction.(2)To address the issue of low accuracy in predicting the likelihood of vulnerability exploitation,this dissertation proposes a deep learning-based method.The central idea is to conduct binary classification using pre-trained models,text convolutional neural networks,and multiple classifiers such as multilayer perceptron,random forest,and extreme gradient boosting.Experimental results indicate that the proposed model achieves an F1 value of 0.87 on the CVE dataset,surpassing other model combinations and existing methods.This improves the precision of predicting the likelihood of vulnerability exploitation,while also mitigating the latency in vulnerability warnings,thus offering an effective solution for vulnerability exploitability prediction.(3)To implement the vulnerability prediction method proposed in this dissertation,we designed the DTVP Chrome extension.This extension aims to provide users with real-time assessments of vulnerability severity and exploitability,thus mitigating the latency in vulnerability warnings.The research and results of this dissertation show that the proposed methods not only improve the accuracy of vulnerability severity and exploitability prediction,but also effectively alleviate the latency of vulnerability warnings.Meanwhile,the designed DTVP Chrome extension uses the prediction model proposed in this dissertation to provide users with real-time assessments of vulnerability severity and exploitability.