Conference paper Open Access

Automatic Part-of-Speech Tagging for Security Vulnerability Descriptions

Yitagesu, Sofonias; Zhang, Xiaowang; Feng, Zhiyong; Li, Xiaohong; Xing, Zhenchang


MARC21 XML Export

<?xml version='1.0' encoding='UTF-8'?>
<record xmlns="http://www.loc.gov/MARC21/slim">
  <leader>00000nam##2200000uu#4500</leader>
  <datafield tag="041" ind1=" " ind2=" ">
    <subfield code="a">eng</subfield>
  </datafield>
  <datafield tag="653" ind1=" " ind2=" ">
    <subfield code="a">Fine-Tuning, Part-of-Speech tagging, Unsupervised word embedding, Security vulnerability descriptions</subfield>
  </datafield>
  <controlfield tag="005">20210324002730.0</controlfield>
  <controlfield tag="001">4632063</controlfield>
  <datafield tag="711" ind1=" " ind2=" ">
    <subfield code="d">17-19 May 2021</subfield>
    <subfield code="g">MSR 2021</subfield>
    <subfield code="a">The 2021 IEEE/ACM 18th International Conference on Mining Software Repositories</subfield>
  </datafield>
  <datafield tag="700" ind1=" " ind2=" ">
    <subfield code="u">Tianjin University, China</subfield>
    <subfield code="a">Zhang, Xiaowang</subfield>
  </datafield>
  <datafield tag="700" ind1=" " ind2=" ">
    <subfield code="u">Tianjin University, China</subfield>
    <subfield code="a">Feng, Zhiyong</subfield>
  </datafield>
  <datafield tag="700" ind1=" " ind2=" ">
    <subfield code="u">Tianjin University, China</subfield>
    <subfield code="a">Li, Xiaohong</subfield>
  </datafield>
  <datafield tag="700" ind1=" " ind2=" ">
    <subfield code="u">Australian National University, Australia</subfield>
    <subfield code="a">Xing, Zhenchang</subfield>
  </datafield>
  <datafield tag="856" ind1="4" ind2=" ">
    <subfield code="s">1377678</subfield>
    <subfield code="z">md5:60927d17dae7e1a37f3331cb1081f68d</subfield>
    <subfield code="u">https://zenodo.org/record/4632063/files/Automatic Part-of-Speech Tagging for SVD.pdf</subfield>
  </datafield>
  <datafield tag="542" ind1=" " ind2=" ">
    <subfield code="l">open</subfield>
  </datafield>
  <datafield tag="260" ind1=" " ind2=" ">
    <subfield code="c">2021-03-23</subfield>
  </datafield>
  <datafield tag="909" ind1="C" ind2="O">
    <subfield code="p">openaire</subfield>
    <subfield code="o">oai:zenodo.org:4632063</subfield>
  </datafield>
  <datafield tag="100" ind1=" " ind2=" ">
    <subfield code="u">Tianjin University, China</subfield>
    <subfield code="a">Yitagesu, Sofonias</subfield>
  </datafield>
  <datafield tag="245" ind1=" " ind2=" ">
    <subfield code="a">Automatic Part-of-Speech Tagging for Security Vulnerability Descriptions</subfield>
  </datafield>
  <datafield tag="540" ind1=" " ind2=" ">
    <subfield code="u">https://creativecommons.org/licenses/by/4.0/legalcode</subfield>
    <subfield code="a">Creative Commons Attribution 4.0 International</subfield>
  </datafield>
  <datafield tag="650" ind1="1" ind2="7">
    <subfield code="a">cc-by</subfield>
    <subfield code="2">opendefinition.org</subfield>
  </datafield>
  <datafield tag="520" ind1=" " ind2=" ">
    <subfield code="a">&lt;p&gt;Abstract&amp;mdash;In this paper, we study the problem of part-of-speech (POS) tagging for security vulnerability descriptions (SVD). In&lt;br&gt;
contrast to newswire articles, SVD often contains a high-level natural language description of the text composed of mixed&lt;br&gt;
language studded with codes, domain-specific jargon, vague language, and abbreviations. Moreover, training data dedicated&lt;br&gt;
to security vulnerability research is not widely available. Existing neural network-based POS tagging has often relied on manually&lt;br&gt;
annotated training data or applying natural language processing (NLP) techniques, suffering from two significant drawbacks. The&lt;br&gt;
former is extremely time-consuming and requires labor-intensive feature engineering and expertise. The latter is inadequate to&lt;br&gt;
identify linguistically-informed words specific to the SVD domain. In this paper, we propose an automatic approach to assign POS&lt;br&gt;
tags to tokens in SVD. Our approach uses the character-level representation to automatically extract orthographic features and&lt;br&gt;
unsupervised word embeddings to capture meaningful syntactic and semantic regularities from SVD. The character level representations are then concatenated with the word embedding as a combined feature, which is then learned and used to predict&lt;br&gt;
the POS tagging. To deal with the issue of the poor availability of annotated security vulnerability data, we implement a finetuning approach. Our approach provides public access to a POS annotated corpus of &amp;sim;8M tokens, which serves as a training dataset in this domain. Our evaluation results show a significant improvement in accuracy (17.72%-28.22%) of POS tagging in SVD over the current approaches.&lt;/p&gt;</subfield>
  </datafield>
  <datafield tag="773" ind1=" " ind2=" ">
    <subfield code="n">doi</subfield>
    <subfield code="i">isVersionOf</subfield>
    <subfield code="a">10.5281/zenodo.4632062</subfield>
  </datafield>
  <datafield tag="024" ind1=" " ind2=" ">
    <subfield code="a">10.5281/zenodo.4632063</subfield>
    <subfield code="2">doi</subfield>
  </datafield>
  <datafield tag="980" ind1=" " ind2=" ">
    <subfield code="a">publication</subfield>
    <subfield code="b">conferencepaper</subfield>
  </datafield>
</record>
322
261
views
downloads
All versions This version
Views 322322
Downloads 261261
Data volume 359.6 MB359.6 MB
Unique views 296296
Unique downloads 226226

Share

Cite as