
What Matters Most in Vulnerabilities? Key Term Extraction for CVE-to-CWE Mapping with LLMs

Research output: Working paper › Preprint › Academic

Abstract

Mapping Common Vulnerabilities and Exposures (CVEs) to the related Common Weakness Enumerations (CWE) is crucial in cybersecurity because this link allows categorizing vulnerabilities, prioritizing remediation efforts, and improving mitigation strategies.
However, this process often requires manual effort to understand a CVE and connect it to its CWE, which is undesirable because it is time-consuming.
Existing automated approaches typically rely on vectorizing CVE descriptions using embedding techniques followed by machine learning classifiers. However, little attention has been given to evaluating whether CVE descriptions are the most effective starting point for automated classification, as these descriptions often contain irrelevant details that do not contribute to CVE-to-CWE mapping.
Our research investigates to what extent the key information required for this mapping can be extracted automatically from CVE descriptions, and evaluates how using this extracted information improves existing methods for identifying related weaknesses.
To this end, we present an approach that automates extracting key terms of CVEs through Large Language Models and evaluate the effect of focusing on various parts of the CVE description.
We show that our key term extraction technique improves the F1-score of transformer-based classification of CVEs into CWEs by up to 8.89%, while providing a modest increase for more traditional mapping approaches.
Original language: English
Publication status: Published - 2025

  • What Matters Most in Vulnerabilities? Key Term Extraction for CVE-to-CWE Mapping with LLMs

    Simonetto, S., Oostveen, R., Van Ede, T., Bosch, P. & Jonker, W., 14 Nov 2025, Cryptology and Network Security: 24th International Conference, CANS 2025, Osaka, Japan, November 17–20, 2025, Proceedings. Kim, Y., Miyaji, A. & Tibouchi, M. (eds.). 1 ed. Singapore: Springer, p. 467-492 26 p. (Lecture Notes in Computer Science; vol. 16351).

    Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

    Open Access