Automatic Part-of-Speech Tagging for Security Vulnerability Descriptions

Yitagesu, Sofonias; Zhang, Xiaowang; Feng, Zhiyong; Li, Xiaohong; Xing, Zhenchang

doi:10.5281/zenodo.4632063

March 23, 2021 Conference paper Open Access

Automatic Part-of-Speech Tagging for Security Vulnerability Descriptions

Yitagesu, Sofonias; Zhang, Xiaowang; Feng, Zhiyong; Li, Xiaohong; Xing, Zhenchang

MARC21 XML Export

<?xml version='1.0' encoding='UTF-8'?>
<record xmlns="http://www.loc.gov/MARC21/slim">
  <leader>00000nam##2200000uu#4500</leader>
  <datafield tag="041" ind1=" " ind2=" ">
    <subfield code="a">eng</subfield>
  </datafield>
  <datafield tag="653" ind1=" " ind2=" ">
    <subfield code="a">Fine-Tuning, Part-of-Speech tagging, Unsupervised word embedding, Security vulnerability descriptions</subfield>
  </datafield>
  <controlfield tag="005">20210324002730.0</controlfield>
  <controlfield tag="001">4632063</controlfield>
  <datafield tag="711" ind1=" " ind2=" ">
    <subfield code="d">17-19 May 2021</subfield>
    <subfield code="g">MSR 2021</subfield>
    <subfield code="a">The 2021 IEEE/ACM 18th International Conference on Mining Software Repositories</subfield>
  </datafield>
  <datafield tag="700" ind1=" " ind2=" ">
    <subfield code="u">Tianjin University, China</subfield>
    <subfield code="a">Zhang, Xiaowang</subfield>
  </datafield>
  <datafield tag="700" ind1=" " ind2=" ">
    <subfield code="u">Tianjin University, China</subfield>
    <subfield code="a">Feng, Zhiyong</subfield>
  </datafield>
  <datafield tag="700" ind1=" " ind2=" ">
    <subfield code="u">Tianjin University, China</subfield>
    <subfield code="a">Li, Xiaohong</subfield>
  </datafield>
  <datafield tag="700" ind1=" " ind2=" ">
    <subfield code="u">Australian National University, Australia</subfield>
    <subfield code="a">Xing, Zhenchang</subfield>
  </datafield>
  <datafield tag="856" ind1="4" ind2=" ">
    <subfield code="s">1377678</subfield>
    <subfield code="z">md5:60927d17dae7e1a37f3331cb1081f68d</subfield>
    <subfield code="u">https://zenodo.org/record/4632063/files/Automatic Part-of-Speech Tagging for SVD.pdf</subfield>
  </datafield>
  <datafield tag="542" ind1=" " ind2=" ">
    <subfield code="l">open</subfield>
  </datafield>
  <datafield tag="260" ind1=" " ind2=" ">
    <subfield code="c">2021-03-23</subfield>
  </datafield>
  <datafield tag="909" ind1="C" ind2="O">
    <subfield code="p">openaire</subfield>
    <subfield code="o">oai:zenodo.org:4632063</subfield>
  </datafield>
  <datafield tag="100" ind1=" " ind2=" ">
    <subfield code="u">Tianjin University, China</subfield>
    <subfield code="a">Yitagesu, Sofonias</subfield>
  </datafield>
  <datafield tag="245" ind1=" " ind2=" ">
    <subfield code="a">Automatic Part-of-Speech Tagging for Security Vulnerability Descriptions</subfield>
  </datafield>
  <datafield tag="540" ind1=" " ind2=" ">
    <subfield code="u">https://creativecommons.org/licenses/by/4.0/legalcode</subfield>
    <subfield code="a">Creative Commons Attribution 4.0 International</subfield>
  </datafield>
  <datafield tag="650" ind1="1" ind2="7">
    <subfield code="a">cc-by</subfield>
    <subfield code="2">opendefinition.org</subfield>
  </datafield>
  <datafield tag="520" ind1=" " ind2=" ">
    <subfield code="a">&lt;p&gt;Abstract&amp;mdash;In this paper, we study the problem of part-of-speech (POS) tagging for security vulnerability descriptions (SVD). In&lt;br&gt;
contrast to newswire articles, SVD often contains a high-level natural language description of the text composed of mixed&lt;br&gt;
language studded with codes, domain-specific jargon, vague language, and abbreviations. Moreover, training data dedicated&lt;br&gt;
to security vulnerability research is not widely available. Existing neural network-based POS tagging has often relied on manually&lt;br&gt;
annotated training data or applying natural language processing (NLP) techniques, suffering from two significant drawbacks. The&lt;br&gt;
former is extremely time-consuming and requires labor-intensive feature engineering and expertise. The latter is inadequate to&lt;br&gt;
identify linguistically-informed words specific to the SVD domain. In this paper, we propose an automatic approach to assign POS&lt;br&gt;
tags to tokens in SVD. Our approach uses the character-level representation to automatically extract orthographic features and&lt;br&gt;
unsupervised word embeddings to capture meaningful syntactic and semantic regularities from SVD. The character level representations are then concatenated with the word embedding as a combined feature, which is then learned and used to predict&lt;br&gt;
the POS tagging. To deal with the issue of the poor availability of annotated security vulnerability data, we implement a finetuning approach. Our approach provides public access to a POS annotated corpus of &amp;sim;8M tokens, which serves as a training dataset in this domain. Our evaluation results show a significant improvement in accuracy (17.72%-28.22%) of POS tagging in SVD over the current approaches.&lt;/p&gt;</subfield>
  </datafield>
  <datafield tag="773" ind1=" " ind2=" ">
    <subfield code="n">doi</subfield>
    <subfield code="i">isVersionOf</subfield>
    <subfield code="a">10.5281/zenodo.4632062</subfield>
  </datafield>
  <datafield tag="024" ind1=" " ind2=" ">
    <subfield code="a">10.5281/zenodo.4632063</subfield>
    <subfield code="2">doi</subfield>
  </datafield>
  <datafield tag="980" ind1=" " ind2=" ">
    <subfield code="a">publication</subfield>
    <subfield code="b">conferencepaper</subfield>
  </datafield>
</record>

322

261

views

downloads

See more details...

	All versions	This version
Views	322	322
Downloads	261	261
Data volume	359.6 MB	359.6 MB
Unique views	296	296
Unique downloads	226	226

More info on how stats are collected.

Indexed in

Publication date:

March 23, 2021

DOI:

Keyword(s):

Fine-Tuning, Part-of-Speech tagging, Unsupervised word embedding, Security vulnerability descriptions

Meeting:

The 2021 IEEE/ACM 18th International Conference on Mining Software Repositories (MSR 2021), 17-19 May 2021

License (for files):

Creative Commons Attribution 4.0 International

Versions

Version 1 10.5281/zenodo.4632063

Mar 23, 2021

Cite all versions? You can cite all versions by using the DOI 10.5281/zenodo.4632062. This DOI represents all versions, and will always resolve to the latest one. Read more.

Automatic Part-of-Speech Tagging for Security Vulnerability Descriptions

MARC21 XML Export

Versions

Share

Cite as

Export

About

Blog

Help

Developers

Contribute

Automatic Part-of-Speech Tagging for Security Vulnerability Descriptions

MARC21 XML Export

Zenodo DOI Badge

DOI

10.5281/zenodo.4632063

Markdown

[![DOI](https://zenodo.org/badge/DOI/10.5281/zenodo.4632063.svg)](https://doi.org/10.5281/zenodo.4632063)

reStructedText

.. image:: https://zenodo.org/badge/DOI/10.5281/zenodo.4632063.svg :target: https://doi.org/10.5281/zenodo.4632063

HTML

<a href="https://doi.org/10.5281/zenodo.4632063"><img src="https://zenodo.org/badge/DOI/10.5281/zenodo.4632063.svg" alt="DOI"></a>

Image URL

https://zenodo.org/badge/DOI/10.5281/zenodo.4632063.svg

Target URL

https://doi.org/10.5281/zenodo.4632063

Versions

Share

Cite as

Export