0% Complete
English
صفحه اصلی
/
شانزدهمین کنفرانس بین المللی فناوری اطلاعات و دانش
Robustness Gap in NLP Models for Vulnerability Descriptions: Benchmarking and Data Augmentation
نویسندگان :
AmirHossein Majd
1
Mahdi Yousefikia
2
Saghar Ghasemzadeh
3
Amirreza Asari
4
Arya Khoshnavataher
5
Seyedeh Leili Mirtaheri
6
1- University of Calabria
2- دانشگاه خوارزمی
3- دانشگاه خوارزمی
4- دانشگاه خوارزمی
5- دانشگاه خوارزمی
6- University of Calabria
کلمات کلیدی :
Software Vulnerabilities،Natural Language Processing،Robustness Benchmark،Noise Injection،Exploitability Prediction،Data Augmentation،Cybersecurity
چکیده :
Software vulnerability descriptions from CVE/NVD are the primary corpus for analysis, prioritization, and risk management in cybersecurity. Yet natural noise (typos, synonym substitutions, lexical variety) and adversarial perturbations undermine the accuracy and trustworthiness of NLP models. This paper presents, to our knowledge, the first systematic benchmark of NLP robustness on vulnerability descriptions. We train nine diverse architectures—lightweight transformers (MiniLM, MPNet, SBERT), hybrid models (BERT-LSTM, TextRCNN), and classical recurrent networks (BiLSTM, LSTM)—on a balanced dataset of over 56,000 real-world records from NVD and Exploit-DB, and fine-tune them for exploitability prediction. For comprehensive evaluation, we inject three noise families into test sets at levels from 10% to 80%: character-level edits (substitutions/swaps), synonym replacements using WordNet, and composite adversarial attacks generated with TextAttack. Performance declines across all models as noise rises, but vulnerability profiles differ: MiniLM attains the strongest clean-data score (F1 ≈ 0.933) yet is most brittle under character noise, whereas TextRCNN, despite a lower baseline, preserves comparatively higher stability in heavily perturbed conditions. Finally, we test a pragmatic hardening strategy—data augmentation with noisy variants followed by retraining—which consistently narrows robustness gaps across architectures without materially sacrificing clean-data accuracy. The benchmark and code enable reproducible evaluation and future robust modeling in cybersecurity.
لیست مقالات
لیست مقالات بایگانی شده
طبقه بندی روش های شناسایی داده های تکراری در جهت تسهیل فرایند پاکسازی داده ها
مهدی جعفری - احمد عبدالله زاده بار فروش
An Efficient Link Prediction Method using Community Structures
Dr Hadi Shakibian - Setareh Mokhtari
ElectroCNN: Regressive CNN-based Energy Consumption Forecasting Leveraging Weather Data
Dharmi Patel - Mann Patel - Krisha Darji - Rajesh Gupta - Sudeep Tanwar - Jitendra Bhatia - Hossein Shahinzadeh
LuckyAgent2022: A Stop-Learning Multi-Armed Bandit Automated Negotiating Agent
Arash Ebrahimnezhad - Faria Nassiri-Mofakham
Paths-oriented Test Data Generation using Genetic Algorithm
Mohammad Reza Hassanpour Charmchi - Dr Bagher Rahimpour cami
Integrating Wasserstein GANs for High-Speed Transformer-Based Neural Machine Translation
Parisa Nekoogol - Mostafa Salehi
Recommendation Systems in Smart Agriculture: Pathway to a well-designed system
Ahmad Nameni - Amir Ghafarian Daneshmand - Omid Mahdi Ebadati E
BMPA- DSL: Binary Marine Predators Algorithm to Identify Driver's Different Levels of Stress
Mahtab Vaezi - Mehdi Nasri - Farhad Azimifar - Mahdi Mosleh
Vi-Net: A Deep Violent Flow Network for Violence Detection in Video Sequences
Tahereh Zarrat Ehsan - Seyed Mehdi Mohtavipour
An ESB-based Architecture for Authentication as a Service Through Enterprise Application Integration
Masoumeh Hashemi - Mehdi Sakhaei-nia - Morteza Yousef Sanati
بیشتر
ثمین همایش، سامانه مدیریت کنفرانس ها و جشنواره ها - نگارش 44.0.7