ZHANG Z,WANG Y. Automatic vulnerability assessment method based on char-word feature fusion and BO-LightGBM[J]. Microelectronics & Computer,2023,40(7):27-35. doi: 10.19304/J.ISSN1000-7180.2021.1351

Automatic vulnerability assessment method based on char-word feature fusion and BO-LightGBM

  • To address the lack of timely, accurate analysis and automatic assessment and classification of unknown software vulnerabilities, an automatic vulnerability feature assessment method based on char-word feature fusion and Bayesian-optimized LightGBM is proposed. First, to reduce the influence of new terms in descriptions of unknown software vulnerabilities, the character and word features in the vulnerability description are extracted using the char-word feature fusion method. To prevent temporal information leakage, the data are arranged by year, and an appropriate data set division method is selected by time-based cross-validation. Second, the LightGBM algorithm, which has the advantage of determining the optimal features through feature statistics, is used to classify and evaluate seven characteristics of a vulnerability, such as confidentiality and integrity. To further improve accuracy, a Bayesian optimizer is added to tune eight hyperparameters of the LightGBM algorithm. Finally, experiments on the US National Common Vulnerability database show that the fusion algorithm can combine the word and character features in the vulnerability description and achieves higher accuracy in classifying and evaluating unknown vulnerabilities. In addition, compared with other ensemble learning algorithms, LightGBM with Bayesian hyperparameter optimization makes better use of the strengths of the LightGBM algorithm and improves the accuracy of vulnerability feature evaluation.
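The two data-handling ideas in the abstract, char-word fusion and year-ordered splitting, are sketched below as an added example that is not the paper's code. The character trigram size, the forward-chaining split, the function names and the sample descriptions are all assumptions made for illustration.

```python
from collections import Counter

# Constructed sample records (year, description); not real database entries.
SAMPLE = [
    (2016, "SQL injection in login form allows remote attackers to read data"),
    (2017, "Buffer overflow in image parser allows remote code execution"),
    (2018, "Cross-site scripting in comment field allows script injection"),
    (2019, "Deserialization flaw in session handler allows code execution"),
]

def word_features(text):
    """Word-level counts, prefixed so they cannot collide with char features."""
    return Counter("w:" + w for w in text.lower().split())

def char_features(text, n=3):
    """Character n-gram counts (n=3 is an assumption, not the paper's value)."""
    s = " ".join(text.lower().split())
    return Counter("c:" + s[i:i + n] for i in range(len(s) - n + 1))

def fused_features(text, n=3):
    """Fusion by concatenating both feature spaces into one sparse vector."""
    return word_features(text) + char_features(text, n)

def time_splits(records):
    """Yield (test_year, train, test) with every training year < test year."""
    years = sorted({year for year, _ in records})
    for test_year in years[1:]:
        train = [r for r in records if r[0] < test_year]
        test = [r for r in records if r[0] == test_year]
        yield test_year, train, test

def vocabulary(records, extractor):
    """Set of feature names an extractor produces on the given records."""
    return {f for _, text in records for f in extractor(text)}

def seen_fraction(text, vocab, extractor):
    """Share of a description's feature occurrences already in the vocabulary."""
    feats = extractor(text)
    return sum(c for f, c in feats.items() if f in vocab) / sum(feats.values())

if __name__ == "__main__":
    for test_year, train, test in time_splits(SAMPLE):
        for _, text in test:
            for name, ex in (("word", word_features), ("fused", fused_features)):
                frac = seen_fraction(text, vocabulary(train, ex), ex)
                print(test_year, name, round(frac, 2))
```

In the last fold the term "deserialization" has no word-level match in the earlier years, yet several of its character trigrams are already in the training vocabulary, which is the effect the fusion is meant to exploit.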