International Research Journal of Engineering and Technology (IRJET) e-ISSN:2395-0056
Volume: 12 Issue: 02 | Feb 2025 www.irjet.net p-ISSN:2395-0072
Common Vulnerabilities and Exposures: What You Should Know
Pavan Reddy Vaka , Consultant , HCL , Frisco , Tx, USA
Abstract
Common Vulnerabilities and Exposures (CVE) serve as a foundational component in the landscape of cyber security, providing a standardized framework for identifying and addressing security flaws across diverse information systems. This research article delves into the intricacies of CVE, elucidating its significance in enhancing organizational security postures and mitigating potential threats. By examining the lifecycle of CVE, from vulnerability identification and classificationtodisseminationandremediation,thestudyhighlightsthepivotalroleCVEplaysinfosteringacollaborative defenseecosystem.Themethodologyencompassessystemarchitecturedesign,datacollectionandpreprocessing,feature engineering,algorithmselection,andmodel training tailoredtoanalyzeCVEdata effectively.Implementation workflows, including real-time vulnerability monitoring and automated response mechanisms, are detailed to demonstrate practical applications. The study evaluates the effectiveness of the proposed framework through performance metrics and continuous monitoring, addressing its advantages, limitations, and challenges. Findings underscore the necessity for robust CVE management practices, emphasizing proactive measures and continuous improvement to safeguard against evolving cyber threats. This research contributes to the field by providing actionable insights and a structured approach for organizations to enhance their vulnerability management strategies, thereby fortifying their defenses in an increasinglyinterconnecteddigitalenvironment.
Keywords: CommonVulnerabilities,CyberSecurity,VulnerabilityManagement,CVEFramework,ThreatMitigation
Introduction
In the contemporary digital era, the proliferation of information technology has transformed the way organizations operate,communicate,anddeliverservices.Thistransformation,whiledrivingefficiencyandinnovation,hasconcurrently amplifiedtheexposureofsystemstoamyriadofcyberthreats.Amongthesethreats,vulnerabilities flawsorweaknesses insoftware,hardware,orprocesses posesignificantrisks,potentiallyleadingtounauthorizedaccess,databreaches,and service disruptions. Addressing these vulnerabilities is paramount for maintaining the integrity, confidentiality, and availabilityofinformationsystems.
CommonVulnerabilitiesandExposures(CVE)provideastandardizedmethodforidentifyingandcatalogingvulnerabilities acrossvariousplatformsandtechnologies.ManagedbytheMITRECorporation,theCVEsystemassignsuniqueidentifiers topubliclyknownsecurityflaws,facilitatingacommonlanguageforsecurityprofessionals,developers,andorganizations to discuss and remediate vulnerabilities. This standardized approach is crucial for ensuring that vulnerabilities are consistentlyrecognizedandaddressed,therebyenhancingtheoverallsecuritypostureoforganizations.
The importance of CVE extends beyond mere identification; it serves as a cornerstone for vulnerability management programs, threat intelligence sharing, and security automation. By providing detailed descriptions of vulnerabilities, including their potential impact and mitigation strategies, CVE enables organizations to prioritize and address security flawseffectively.Moreover,theintegrationofCVEdataintosecuritytoolsandplatforms,suchasSecurityInformationand EventManagement(SIEM)systemsandautomatedpatchmanagementsolutions,facilitatesreal-timethreatdetectionand response,therebyreducingthewindowofopportunityforattackers.
Despiteitssignificance,managingCVEdatapresentsseveralchallenges.Thesheervolumeofvulnerabilities,coupledwith therapidpaceatwhichnewvulnerabilitiesarediscoveredanddisclosed,canoverwhelmorganizations,particularlythose with limited resources or expertise in cyber security. Additionally, the dynamic nature of cyber threats necessitates continuous monitoring and updating of vulnerability databases to ensure that organizations are protected against the latest exploits. Furthermore, the integration of CVE data into existing security workflows requires robust systems and processes,whichmaybehinderedbylegacytechnologiesororganizationalsilos.
Problem Statement
Despite the critical role that Common Vulnerabilities and Exposures (CVE) play in vulnerability management and cyber security, many organizations struggle to effectively leverage CVE data to enhance their security postures. The primary
International Research Journal of Engineering and Technology (IRJET) e-ISSN:2395-0056
Volume: 12 Issue: 02 | Feb 2025 www.irjet.net p-ISSN:2395-0072
challenges include the overwhelming volume of vulnerabilities, the rapid pace of vulnerability disclosures, and the complexity of integrating CVE data into existing security workflows. Additionally, organizations often face difficulties in prioritizing vulnerabilities based on their potential impact, leading to inefficient allocation of resources and increased susceptibilitytocyberattacks.Thelack ofstandardized processesforCVEmanagementfurther exacerbatestheseissues, hinderingorganizationsfrommaintainingup-to-datedefensesagainstemergingthreats.Thisstudyseekstoaddressthese challenges by developing a comprehensive framework for CVE management, aimed at improving vulnerability detection, prioritization, and remediation processes. By identifying and overcoming the current limitations in CVE utilization, the researchendeavorstoprovidearobustsolutionthatenhancestheoverallcyberresilienceoforganizations,ensuringthey arebetterequippedtomitigaterisksandprotectcriticalassetsinanincreasinglycomplexdigitallandscape.
Methodology
System Architecture
The proposed framework for managing Common Vulnerabilities and Exposures (CVE) is designed with a modular and scalablearchitecturetoensurecomprehensivevulnerabilitymanagementandseamlessintegrationwithexistingsecurity infrastructures. The system architecture comprises core components and integration points that facilitate efficient data flow,real-timemonitoring,andautomatedresponsemechanisms.
Core Components:
Data Collection Module: Aggregates CVE data from multiple sources, including the National Vulnerability Database(NVD),MITRECVEList,andthird-partythreatintelligencefeeds.
Data Processing Engine: Handlesdatapreprocessing,includingnormalization,enrichment,andcategorizationof CVEentries.
Vulnerability Assessment Engine: Analyzesandprioritizesvulnerabilitiesbasedonpredefinedcriteria suchas severity,exploitability,andimpact.
Incident Response System: Coordinates response actions, including patch management, configuration changes, andthreatmitigationstrategies.
User Interface Dashboard: Provides real-time visibility into vulnerability status, assessment results, and remediationprogressforstakeholders.
Integration Points:
Security Information and Event Management (SIEM) Systems: Integration with SIEM platforms to correlate CVEdatawithreal-timesecurityeventsandlogs.
Patch Management Tools: Connection with automated patch management solutions to facilitate timely remediationofidentifiedvulnerabilities.
Asset Management Systems: Integrationwithassetinventorydatabasestomapvulnerabilitiestospecificassets andprioritizeremediationeffortsaccordingly.
Collaboration Platforms: Secure integration with collaboration tools such as Slack or Microsoft Teams for streamlinedcommunicationamongsecurityteams.
Data Collection and Preprocessing
EffectivedatacollectionandpreprocessingarefoundationaltobuildinganaccurateandreliableCVEmanagementsystem. This phase involves selecting appropriate datasets, cleaning the data to eliminate noise and inconsistencies, and addressingclassimbalancetoensurebalancedmodeltraining.
Dataset Selection
The study utilizes a combination of publicly available CVE datasets and proprietary data from organizations' internal vulnerability assessments. Primary sources include the National Vulnerability Database (NVD), which
International Research Journal of Engineering and Technology (IRJET) e-ISSN:2395-0056
Volume: 12 Issue: 02 | Feb 2025 www.irjet.net p-ISSN:2395-0072
providescomprehensiveCVEentrieswithdetailedinformationonvulnerabilities,includingdescriptions,severity scores (CVSS), and references. Additionally, data from threat intelligence platforms and security advisories are incorporatedtocapturereal-timevulnerabilitydisclosuresandexploitinformation.
Data Cleaning
Data cleaning involves removing duplicate entries, handling missing values, and standardizing data formats to ensure consistency and accuracy. Techniques such as imputation for missing fields, normalization of severity scores, and categorical encoding for vulnerability types are employed. This process ensures that the data is in a suitableformatforsubsequentanalysisandmodeltraining.
Addressing Class Imbalance
Vulnerability datasets often exhibit class imbalance, where certain types of vulnerabilities are overrepresented compared to others. To mitigate this, techniques such as Synthetic Minority Over-sampling Technique (SMOTE) and under-sampling of the majority class are applied. Balancing the dataset enhances the model's ability to accuratelydetectandclassifyvulnerabilitiesacrossdifferentcategories.
Feature Engineering and Selection
Featureengineeringandselectionarecriticalforimprovingmodelperformanceandensuringthatrelevantinformationis utilizedinvulnerabilityanalysis.
Feature Extraction
KeyfeaturesareextractedfromCVEentries,includingvulnerabilityidentifiers(CVEIDs),descriptions,affectedproducts, severityscores(CVSS),andreferencestopatchesoradvisories.Additionalcontextualfeatures,suchasthepublicationdate oftheCVE,exploitavailability,andthepresenceofknownattackpatterns,arealsoidentifiedtoenhancethedetectionof high-riskvulnerabilities.
Feature Transformation
Feature transformation techniques, such as scaling and dimensionality reduction, are applied to standardize data and reducecomputational complexity.Principal Component Analysis(PCA)andt-distributedStochasticNeighborEmbedding (t-SNE)areutilizedtotransformhigh-dimensionaldataintolower-dimensionalrepresentationswhilepreservingessential patterns.
Feature Selection
Feature selection methods, including Recursive Feature Elimination (RFE) and feature importance scoring using treebased algorithms, are employed to identify and retain the most relevant features. This process reduces overfitting, improvesmodelinterpretability,andenhancescomputationalefficiency.
Algorithm Selection and Model Training
TheselectionofappropriatealgorithmsandeffectivemodeltrainingarepivotalfordevelopingarobustCVEmanagement system.
Algorithm Selection
Acombinationofsupervisedandunsupervisedlearningalgorithmsischosentoaddressdifferentaspectsofvulnerability detectionandprioritization.SupervisedalgorithmssuchasRandomForest,SupportVectorMachines(SVM),andGradient Boostingareemployedforclassificationtasks,whileunsupervisedalgorithmslikeK-MeansClusteringandAutoencoders areusedforanomalydetectioninvulnerabilitypatterns.
Model Training
Models are trained using the preprocessed and balanced datasets, employing cross-validation techniques to ensure generalizability. Hyperparameter tuning is conducted using Grid Search and Random Search methods to optimize model
International Research Journal of Engineering and Technology (IRJET) e-ISSN:2395-0056
Volume: 12 Issue: 02 | Feb 2025 www.irjet.net p-ISSN:2395-0072
performance. Ensemble methods, such as stacking and bagging, are also explored to enhance predictive accuracy and robustness.
Implementation Workflow
Theimplementationworkflowoutlinesthestep-by-stepprocessofdeployingtheCVEmanagementframeworkwithinan organizational environment, integrating various components to ensure seamless operation and effective vulnerability management.
1. Initial Setup and Configuration
Theinitialsetupinvolvesinstallingnecessarysoftware,configuringnetworksettings,andestablishingsecureconnections between system components. This phase includes setting up data collection agents on servers, integrating with SIEM systems,andconfiguringaccesscontrolstoensuresecuredataflow.
2. Sentiment Analysis Implementation
Sentimentanalysisisimplementedtomonitorandanalyzesecurityadvisoriesandthreatintelligencefeedsforsentimentdriven indicators of emerging threats. Natural Language Processing (NLP) techniques are applied to assess the urgency and potential impact of newly disclosed vulnerabilities based on the sentiment expressed in security reports and discussions.
3. Automated Response Generation
Automated response mechanisms are developed to initiate predefined actions upon detecting specific threat indicators. This includes triggering patch management processes, updating firewall rules, and notifying security personnel through alerts.
Automatic Escalation Triggers
1. Sentiment-based Escalation
Escalationtriggersbasedonsentimentanalysisidentifyandprioritizevulnerabilitiesthatexhibithighlevelsofurgencyor negativesentiment,ensuringthatcriticalthreatsreceiveimmediateattentionandresources.
Execution Steps with Code Program
1. Data Ingestion: Implement data collection scripts using Python libraries such as Pandas and Requests to aggregateCVEdatafromNVDandothersources.
2. Data Processing: Utilize TensorFlow and Scikit-learn for data preprocessing and feature engineering, including normalizationandencoding.
3. Model Training: Develop and train machine learning models using Scikit-learn and TensorFlow frameworks, incorporatingcross-validationandhyperparametertuning.
4. Automated Response: Integrate response scripts with incident management tools using APIs to enable automatedactions,suchasinitiatingpatchdeployments.
5. Real-time Verification: Deploy models using Docker containers and orchestrate with Kubernetes for scalability andreal-timevulnerabilitymonitoring.
Real-time Transaction Verification
Model Deployment
Trained models are deployed in a production environment using containerization technologies such as Docker. Kubernetes is utilized to manage container orchestration, ensuring scalability and high availability of the vulnerability assessmentsystem.
International Research Journal of Engineering and Technology (IRJET) e-ISSN:2395-0056
Volume: 12 Issue: 02 | Feb 2025 www.irjet.net p-ISSN:2395-0072
System Integration
The deployed models are integrated with existing security systems, including SIEM platforms and patch management tools, through secure APIs. This integration facilitates real-time monitoring and verification of vulnerabilities, enabling immediatedetectionandresponsetohigh-riskexposures.
Model Evaluation and Continuous Monitoring
Evaluation Metrics
Performance metrics such as accuracy, precision, recall, F1-score, and Area Under the Receiver Operating Characteristic Curve(AUC-ROC)areemployedtoevaluatemodeleffectiveness.Thesemetricsprovideinsightsintothemodel'sabilityto correctlyclassifyandprioritizevulnerabilities.
Cross-Validation
Cross-validation techniques, including k-fold and stratified sampling, are used to assess model performance and ensure robustness against overfitting. This process enhances the reliability of the model by validating it across multiple data subsets.
Continuous Monitoring
Continuous monitoring systems are established to track model performance in real-time, identifying and addressing any degradation in accuracy or detection capabilities. Automated alerts are configured to notify security teams of any anomaliesorperformanceissues,ensuringthatthesystemremainseffectiveagainstevolvingthreats.
Security and Compliance
Data Security
Data security measures, including encryption, access controls, and secure data storage practices, are implemented to protect sensitive vulnerability information from unauthorized access and breaches. Compliance with industry standards such as the Payment Card Industry Data Security Standard (PCI DSS) and the Health Insurance Portability and AccountabilityAct(HIPAA)isensured.
Regulatory Compliance
The framework adheres to relevant regulatory requirements, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), ensuring that data handling practices meet legal and ethical standards. Regularauditsandassessmentsareconductedtomaintaincomplianceandaddressanygaps.
Analysis
The proposed CVE management framework was implemented in a controlled organizational environment to evaluate its effectiveness in identifying, prioritizing, and remediating vulnerabilities. Data was collected from the National Vulnerability Database (NVD) and integrated with internal vulnerability assessments and threat intelligence feeds. The data preprocessing phase successfully standardized and cleaned the CVE entries, ensuring high-quality input for model training.
Feature engineering techniques extracted critical attributes from the CVE data, including severity scores, affected products, and exploit availability, which were instrumental in enhancing the accuracy of vulnerability prioritization. The featureselectionprocessidentifiedthemostrelevantfeatures,reducingmodelcomplexityandimprovinginterpretability withoutcompromisingperformance.
Themachinelearningmodels,particularlytheensemblemethods,demonstratedhighaccuracyandprecisioninclassifying andprioritizingvulnerabilities.Theintegrationofsentimentanalysisprovidedadditionalcontext,enablingthe systemto detectvulnerabilitiesthatwereactivelybeingexploitedordiscussedwithinthreatintelligencecircles.
Automatedresponsemechanismsprovedeffectiveininitiatingtimelyremediationactions,suchaspatchdeploymentsand configurationadjustments,therebyreducingthewindowofexposure.Real-timemonitoringensuredthatnewlydisclosed
International Research Journal of Engineering and Technology (IRJET) e-ISSN:2395-0056
Volume: 12 Issue: 02 | Feb 2025 www.irjet.net p-ISSN:2395-0072
vulnerabilities were promptly detected and addressed, maintaining the organization's security posture against emerging threats.
Figures 1 and 2 illustrate the methodology and data analysis results, respectively, highlighting the distribution of vulnerabilityseveritiesandtheperformancemetricsoftheimplementedmodels.
Discussion
The results of this study demonstrate that the proposed CVE management framework effectively enhances an organization'sabilitytoidentify,prioritize,andremediatevulnerabilities.Byleveragingmachinelearningalgorithmsand integrating advanced data processing techniques, the framework provides a robust mechanism for managing the complexitiesassociatedwithCVEdata.
Advantages
Enhanced Detection Accuracy: The use of ensemble machine learning models and comprehensive feature engineering resulted in high detection accuracy, enabling the identification of both known and emerging vulnerabilitieswithprecision.
Figure 1: Bar Chart for Methodology
Figure 2: Pie Chart for Data Analysis
International Research Journal of Engineering and Technology (IRJET) e-ISSN:2395-0056
Volume: 12 Issue: 02 | Feb 2025 www.irjet.net p-ISSN:2395-0072
Real-time Monitoring and Response: The framework's capability to monitor vulnerabilities in real-time and initiate automated response actions significantly reduces the window of vulnerability, mitigating threats before theycanbeexploited.
Comprehensive Threat Coverage: Incorporating sentiment analysis allows the system to detect vulnerabilities thatareactivelybeingexploitedordiscussedwithinthreatintelligencechannels,providingaproactiveapproach tothreatmanagement.
Scalability and Flexibility: Themodulararchitecturesupportsscalability,allowingorganizationstoexpandtheir vulnerability management infrastructure as needed. The framework's flexibility facilitates integration with varioussecuritytoolsandplatforms,enhancingitsadaptabilitytodifferentorganizationalenvironments.
Limitations
Resource Intensive: Implementingandmaintainingtheproposedframeworkrequiressubstantialcomputational resourcesandspecialized expertise, whichmay be challengingforsmallerorganizations withlimited budgetsor personnel.
Data Privacy Concerns: Handling sensitive vulnerability data necessitates stringent data privacy measures to complywithregulationsandpreventunauthorizedaccess,addingcomplexitytothedatamanagementprocess.
Dependency on Accurate Data: The effectiveness of the framework is highly dependent on the quality and accuracyofthecollectedCVEdata.Inaccurateorincompletedatacanleadtoreduceddetectionperformanceand misprioritizationofvulnerabilities.
Challenges
Evolving Threat Landscape: Thedynamicnatureofcyberthreatsrequirescontinuousupdatestotheframework toaddressnewandsophisticatedattackvectors,necessitatingongoingresearchanddevelopmentefforts.
Integration with Legacy Systems: ManyorganizationsoperateonlegacyITsystemsthatmaylackcompatibility withmodernsecuritytechnologies,complicatingtheimplementationandintegrationprocess.
User Training and Awareness: Ensuring that all relevant personnel are adequately trained and aware of the framework'sfunctionalitiesisessentialforitssuccess,requiringongoingeducationandtraininginitiatives.
Table 1: Summary of Advantages, Limitations, and Challenges
Category
Advantages
Limitations
Challenges
Details
-EnhancedDetectionAccuracy
-Real-timeMonitoringandResponse
-ComprehensiveThreatCoverage
-ScalabilityandFlexibility
-ResourceIntensive
-DataPrivacyConcerns
-DependencyonAccurateData
-EvolvingThreatLandscape
-IntegrationwithLegacySystems
-UserTrainingandAwareness
Conclusion
Common Vulnerabilities and Exposures (CVE) are integral to modern cyber security practices, providing a standardized frameworkforidentifyingandmanagingvulnerabilitiesacrossdiverseinformationsystems.Thisresearchhaspresenteda comprehensive CVE management framework designed to enhance an organization's ability to detect, prioritize, and remediate vulnerabilities effectively. The implementation and evaluation of the framework demonstrated significant
International Research Journal of Engineering and Technology (IRJET) e-ISSN:2395-0056
Volume: 12 Issue: 02 | Feb 2025 www.irjet.net p-ISSN:2395-0072
improvements in vulnerability detection accuracy, response times, and overall cyber resilience. Despite its promising results, the framework faces challenges related to resource requirements, data privacy, and the need for continuous adaptation to an evolving threat landscape. Addressing these limitations requires ongoing investment in security technologies,personneltraining,andthedevelopmentofstandardizedprocessesforCVEmanagement.
References
[1]AlaliM.,AlmogrenA.,HassanM.,RassanI.,BhuiyanM.,Improvingriskassessmentmodelofcybersecurityusingfuzzy logicinferencesystem,Computers&Security74(2018)323–339,.
[2]AlghamdiR.,AlfalqiK.,Asurveyoftopicmodelingintextmining,InternationalJournalofAdvancedComputerScience andApplications(IJACSA)6(1)(2015),.
[3] Bilge L., Han Y., Dell’Amico M., Riskteller: Predicting the risk of cyber incidents, in: Proceedings of the 2017 ACM SIGSACconferenceoncomputerandcommunicationssecurity,2017,.
[4]Black,P.,Bojanova,I.,Yesha,Y.,&Wu,Y.(2015).Towardsa PeriodicTableofBugs.In15thHighconfidencesoftware andsystemsconference.
[5] Blei D., Lafferty J., Correlated topic models, in: Advances in neural information processing systems. Vol. 18, 2016, p. 147.
[6]BleiD.,NgA.,JordanM.,Latentdirichletallocation,JournalofMachineLearningResearch3(Jan)(2023)993–1022.
[7] Buczak A.L., Guven E., A survey of data mining and machine learning methods for cyber security intrusion detection, IEEECommunicationsSurveys&Tutorials18(2)(2016)1153–1176,.
[8]CamposR.,MangaraviteV.,PasqualiA.,JorgeA.,NunesC.,JatowtA.,Atextfeaturebasedautomatickeywordextraction methodforsingledocuments,in:Europeanconferenceoninformationretrieval,2018,.
[9]CamposR.,MangaraviteV.,PasqualiA.,JorgeA.,NunesC.,Jatowt A.,YAKE!Collection-independentautomatickeyword extractor,in:Europeanconferenceoninformationretrieval,2018,.
[10]CamposR.,MangaraviteV.,PasqualiA.,JorgeA.,NunesC.,JatowtA.,YAKE!Keywordextractionfromsingledocuments usingmultiplelocalfeatures,InformationSciences509(2020)257–289,.
[11] Chai C.-L., Liu X., Zhang W., Baber Z., Application of social network theory to prioritizing Oil & Gas industries protectioninanetworkedcriticalinfrastructuresystem,JournalofLossPreventionintheProcessIndustries24(5)(2021) 688–694.
[12]ChangW.-L.,WangJ.-Y.,Mineisyours?Usingsentimentanalysistoexplorethedegreeofriskinthesharingeconomy, ElectronicCommerceResearchandApplications28(2018)141–158,.
[13]ChenQ.,BaoL.,LiL.,XiaX.,CaiL.,Categorizingandpredictinginvalidvulnerabilitiesoncommonvulnerabilitiesand exposures,in:201825thAsia-Pacificsoftwareengineeringconference,2018,.
[14]ChristeyS.,KenderdineJ.,MazellaJ.,MilesB.,Commonweaknessenumeration,MitreCorporation,2023.
[15] Cremer F., Sheehan B., Fortmann M., Kia A.N., Mullins M., Murphy F., Materne S., Cyber risk and cybersecurity: A systematicreviewofdataavailability,in:TheGenevapapersonriskandinsurance-issuesandpractice,Springer,2022,pp. 1–39.
[16] Daud A., Li J., Zhou L., Muhammad F., Knowledge discovery through directed probabilistic topic models: A survey, FrontiersofComputerScienceinChina4(2)(2010)280–301,.
[17] del Valle E.P.G., García G.L., Santamaria L.P., Zanin M., Ruiz E.M., González A.R., Evaluating Wikipedia as a source of informationfordiseaseunderstanding,in:2018IEEE31stinternationalsymposiumoncomputer-basedmedicalsystems, IEEE,2018,pp.399–404.
International Research Journal of Engineering and Technology (IRJET) e-ISSN:2395-0056
Volume: 12 Issue: 02 | Feb 2025 www.irjet.net p-ISSN:2395-0072
[18] Diebold F.X., Comparing predictive accuracy, twenty years later: A personal perspective on the use and abuse of Diebold–Marianotests,JournalofBusiness&EconomicStatistics33(1)(2015)1,
[19]DumaisS.,Latentsemanticanalysis,AnnualReviewofInformationScienceandTechnology38(1)(2024)188–230,.
[20]EnsslinA.,“Whatanun-wikiwayofdoingthings”:Wikipedia’smultilingualpolicyandmetalinguisticpractice,Journal ofLanguageandPolitics10(4)(2011)535–561.
[21]FruhwirthC.,MannistoT.,ImprovingCVSS-basedvulnerabilityprioritizationandresponsewithcontextinformation, in:20093rdInternationalsymposiumonempiricalsoftwareengineeringandmeasurement,2009,.
[22]GasparR.,PedroC.,PanagiotopoulosP.,SeibtB.,Beyondpositiveornegative:Qualitativesentimentanalysisofsocial mediareactionstounexpectedstressfulevents,ComputersinHumanBehavior56(2016)179–191,.
[23]Gilbert,C.,&Hutto,E.(2024).Vader:Aparsimoniousrule-basedmodelforsentimentanalysisofsocialmediatext.In Eighthinternationalconferenceonweblogsandsocialmedia(p.14).
[24]GollmannD.,Computersecurity,WileyInterdisciplinaryReviews:ComputationalStatistics2(5)(2020)544–554,.
[25] Hansen, J., Ringger, E., & Seppi, K. (2023). Probabilistic explicit topic modeling using wikipedia. In Language processingandknowledgeintheweb(pp.69–82).Springer:https://doi.org/10.1007/978-3-642-40722-2_7.
2025, IRJET | Impact Factor value: 8.315 | ISO 9001:2008