Improving Vulnerability Description Using Natural Language Generation

Althebeiti, Hattan

01 January 2023

Software plays an integral role in powering numerous everyday computing gadgets. As our reliance on software continues to grow, so does the prevalence of software vulnerabilities, with significant implications for organizations and users. As such, documenting vulnerabilities and tracking their development becomes crucial. Vulnerability databases addressed this issue by storing a record with various attributes for each discovered vulnerability. However, their contents suffer several drawbacks, which we address in our work. In this dissertation, we investigate the weaknesses associated with vulnerability descriptions in public repositories and alleviate such weaknesses through Natural Language Processing (NLP) approaches. The first contribution examines vulnerability descriptions in those databases and approaches to improve them. We propose a new automated method leveraging external sources to enrich the scope and context of a vulnerability description. Moreover, we exploit fine-tuned pretrained language models for normalizing the resulting description. The second contribution investigates the need for uniform and normalized structure in vulnerability descriptions. We address this need by breaking the description of a vulnerability into multiple constituents and developing a multi-task model to create a new uniform and normalized summary that maintains the necessary attributes of the vulnerability using the extracted features while ensuring a consistent vulnerability description. Our method proved effective in generating new summaries with the same structure across a collection of various vulnerability descriptions and types. Our final contribution investigates the feasibility of assigning the Common Weakness Enumeration (CWE) attribute to a vulnerability based on its description. CWE offers a comprehensive framework that categorizes similar exposures into classes, representing the types of exploitation associated with such vulnerabilities. Our approach utilizing pre-trained language models is shown to outperform Large Language Model (LLM) for this task. Overall, this dissertation provides various technical approaches exploiting advances in NLP to improve publicly available vulnerability databases.

Vulnerability

NVD

CVE

Natural Language Processing

Transformer

LLM

Computer Engineering

Quantifying Computer Network Security

Burchett, Ian

01 December 2011

Simplifying network security data to the point that it is readily accessible and usable by a wider audience is increasingly becoming important, as networks become larger and security conditions and threats become more dynamic and complex, requiring a broader and more varied security staff makeup. With the need for a simple metric to quantify the security level on a network, this thesis proposes: simplify a network’s security risk level into a simple metric. Methods for this simplification of an entire network’s security level are conducted on several characteristic networks. Identification of computer network port vulnerabilities from NIST’s Network Vulnerability Database (NVD) are conducted, and via utilization of NVD’s Common Vulnerability Scoring System values, composite scores are created for each computer on the network, and then collectively a composite score is computed for the entire network, which accurately represents the health of the entire network. Special concerns about small numbers of highly vulnerable computers or especially critical members of the network are confronted.

computer networks

NVD

CVSS

network security data

security risk level

Computer Sciences

Databases and Information Systems

OS and Networks

A Method for Recommending Computer-Security Training for Software Developers

Nadeem, Muhammad

12 August 2016

Vulnerable code may cause security breaches in software systems resulting in financial and reputation losses for the organizations in addition to loss of their customers’ confidential data. Delivering proper software security training to software developers is key to prevent such breaches. Conventional training methods do not take the code written by the developers over time into account, which makes these training sessions less effective. We propose a method for recommending computer–security training to help identify focused and narrow areas in which developers need training. The proposed method leverages the power of static analysis techniques, by using the flagged vulnerabilities in the source code as basis, to suggest the most appropriate training topics to different software developers. Moreover, it utilizes public vulnerability repositories as its knowledgebase to suggest community accepted solutions to different security problems. Such mitigation strategies are platform independent, giving further strength to the utility of the system. This research discussed the proposed architecture of the recommender system, case studies to validate the system architecture, tailored algorithms to improve the performance of the system, and human subject evaluation conducted to determine the usefulness of the system. Our evaluation suggests that the proposed system successfully retrieves relevant training articles from the public vulnerability repository. The human subjects found these articles to be suitable for training. The human subjects also found the proposed recommender system as effective as a commercial tool.

FindBugs

Static code analysis

Jaccard index

tf–idf

training

NVD

CWE

software vulnerabilities

software security

Recommender system

Evaluation of night vision devices for image fusion studies

Cheng, Wee Kiang

12 1900

Approved for public release; distribution in unlimited. / Night Vision Devices (NVD) using Image Intensification (II) technology are among the most important sensors used by ground troops and aviators in night operations for modern combat. With the intensified images from these devices, soldiers can see an enemy's movement better and further in darkness. This thesis explores different test methods in evaluating the performances and sensitivities of several NVDs for future image fusion studies. Specification data such as sensitivity, resolution (Modulation Transfer Function) and pixel size are obtained. Comparative analyses of the collected results are made to characterize the performances of the different NVDs. A new method using MATLAB programming to objectively analyze digitized images for characterization of II based NVDs is proposed. This test method can also be extended to the evaluation of Thermal Imaging (TI) systems for comparative analysis with II NVDs. In addition, the feasibility of testing NVDs using both II and TI technologies, with common operating conditions and target boards is discussed. Finally, the potential of using these digitized images for image fusion studies is verified with the test and evaluation results. / Republic of Singapore

Night vision devices

Image intensifiers

Night Vision Device, NVD

image intensification, II

thermal imaging, TI

contrast transfer function, CTF

modulation transfer function, MTF

image fusion

Real Time Vehicle Detection for Intelligent Transportation Systems

Shurdhaj, Elda, Christián, Ulehla

January 2023

This thesis aims to analyze how object detectors perform under winter weather conditions, specifically in areas with varying degrees of snow cover. The investigation will evaluate the effectiveness of commonly used object detection methods in identifying vehicles in snowy environments, including YOLO v8, Yolo v5, and Faster R-CNN. Additionally, the study explores the method of labeling vehicle objects within a set of image frames for the purpose of high-quality annotations in terms of correctness, details, and consistency. Training data is the cornerstone upon which the development of machine learning is built. Inaccurate or inconsistent annotations can mislead the model, causing it to learn incorrect patterns and features. Data augmentation techniques like rotation, scaling, or color alteration have been applied to enhance some robustness to recognize objects under different alterations. The study aims to contribute to the field of deep learning by providing valuable insights into the challenges of detecting vehicles in snowy conditions and offering suggestions for improving the accuracy and reliability of object detection systems. Furthermore, the investigation will examine edge devices' real-time tracking and detection capabilities when applied to aerial images under these weather conditions. What drives this research is the need to delve deeper into the research gap concerning vehicle detection using drones, especially in adverse weather conditions. It highlights the scarcity of substantial datasets before Mokayed et al. published the Nordic Vehicle Dataset. Using unmanned aerial vehicles(UAVs) or drones to capture real images in different settings and under various snow cover conditions in the Nordic region contributes to expanding the existing dataset, which has previously been restricted to non-snowy weather conditions. In recent years, the leverage of drones to capture real-time data to optimize intelligent transport systems has seen a surge. The potential of drones in providing an aerial perspective efficiently collecting data over large areas to precisely and timely monitor vehicular movement is an area that is imperative to address. To a greater extent, snowy weather conditions can create an environment of limited visibility, significantly complicating data interpretation and object detection. The emphasis is set on edge devices' real-time tracking and detection capabilities, which in this study introduces the integration of edge computing in drone technologies to explore the speed and efficiency of data processing in such systems.

Unmanned aerial vehicles (UAVs)

vehicle detection

CNN architecture

snow cover

NVD

Yolov5s

Yolov8s

Faster R-CNN

real-time processing

edge devices

Computer Sciences

Datavetenskap (datalogi)

Coding For Multi-Antenna Wireless Systems And Wireless Relay Networks

Kiran, T

11 1900

Communication over a wireless channel is a challenging task because of the inherent fading effects. Any wireless communication system employs some form of diversity improving techniques in order to improve the reliability of the channel. This thesis deals with efficient code design for two different spatial diversity techniques, viz, diversity by employing multiple antennas at the transmitter and/or the receiver, and diversity through cooperative commu- nication between users. In other words, this thesis deals with efficient code design for (1) multiple-input multiple-output (MIMO) channels, and (2) wireless relay channels. Codes for the MIMO channel are termed space-time (ST) codes and those for the relay channels are called distributed ST codes. The first part of the thesis focuses on ST code construction for MIMO fading channel with perfect channel state information (CSI) at the receiver, and no CSI at the transmitter. As a measure of performance we use the rate-diversity tradeoff and the Diversity-Multiplexing Gain (D-MG) Tradeoff, which are two different tradeoffs characterizing the tradeoff between the rate and the reliability achievable by any ST code. We provide two types of code constructions that are optimal with respect to the rate-diversity tradeoff; one is based on the rank-distance codes which are traditionally applied as codes for storage devices, and the second construction is based on a matrix representation of a cayley algebra. The second contribution in ST code constructions is related to codes with a certain nonvanishing determinant (NVD) property. Motivation for these constructions is a recent result on the necessary and sufficient conditions for an ST code to achieve the D-MG tradeoff. Explicit code constructions satisfying these conditions are provided for certain number of transmit antennas. The second part of the thesis focuses on distributed ST code construction for wireless relay channel. The transmission protocol follows a two-hop model wherein the source broadcasts a vector in the first hop and in the second hop the relays transmit a vector that is a transformation of the received vector by a relay-specific unitary transformation. While the source and relays do not have CSI, at the destination we assume two different scenarios (a) destina- tion with complete CSI (b) destination with only the relay-destination CSI. For both these scenarios, we derive a Chernoff bound on the pair-wise error probability and propose code design criteria. For the first case, we provide explicit construction of distributed ST codes with lower decoding complexity compared to codes based on some earlier system models. For the latter case, we propose a novel differential encoding and differential decoding technique and also provide explicit code constructions. At the heart of all these constructions is the cyclic division algebra (CDA) and its matrix representations. We translate the problem of code construction in each of the above scenarios to the problem of constructing CDAs satisfying certain properties. Explicit examples are provided to illustrate each of these constructions.

Antennas

wireless Communication

Wireless Relay communication

Space-Time Codes (ST)

Distributed Space-Time Codes

Wireless Relay Channels - Codes

Space-Time Block Codes (STBC)

Nonvanishing Determinant (NVD)

Rate-diversity Tradeoff

Cyclic Division Algebra (CDA)

Communication Engineering