Journal of Tsinghua University (Science and Technology), 2023, Vol. 63, Issue 9: 1399-1407. DOI: 10.16511/j.cnki.qhdxxb.2023.21.007
Computer Science and Technology
Multi-user recommendation algorithm based on vulnerability similarity
JIA Fan¹, KANG Shuya¹, JIANG Weiqiang², WANG Guangtao²
¹ Institute of Intelligent Networks and Information Security, School of Electronic and Information Engineering, Beijing Jiaotong University, Beijing 100044, China;
² Information Security Center, China Mobile Group Co., Ltd., Beijing 100053, China
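Chinese abstract: In recent years, the number of publicly disclosed vulnerabilities has kept growing, and recommendation algorithms can help software security personnel and vulnerability enthusiasts find the vulnerability information they actually need and are interested in. However, the user-vulnerability interaction matrix is sparser than the interaction matrices analyzed by classical collaborative filtering recommendation algorithms, which seriously degrades the effectiveness of collaborative filtering. This is also the main challenge that must be faced when vulnerabilities are used directly as recommendation items. To address this problem, this paper introduces a vulnerability similarity calculation method and emphasizes the universal connections between vulnerabilities within a content-based recommendation algorithm, thereby addressing the high sparsity of the interaction matrix, cold start, and related problems. At the same time, the characteristics of multiple types of users are fully considered, finally forming a similarity-based multi-user vulnerability recommendation algorithm. Experiments on public data show that the algorithm achieves better accuracy and effectiveness than the traditional collaborative filtering algorithm.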
Abstract:

[Objective] In recent years, the number of publicly disclosed vulnerabilities has increased, and software security personnel and vulnerability enthusiasts find it increasingly difficult to locate the vulnerability information they are interested in. A recommendation algorithm can provide personalized vulnerability suggestions to help users obtain valuable vulnerability information efficiently. However, recommendation systems related to vulnerabilities generally suffer from problems such as one-sided analysis, complex implementation methods, a high degree of specialization, and data privacy, and research on directly recommending vulnerabilities as recommendation items is scarce.

[Methods] This paper selects the vulnerability itself as the recommendation item, collects data from public datasets, and adopts a simple and efficient recommendation algorithm for personalized recommendations of vulnerabilities. As a classical recommendation model, the collaborative filtering recommendation algorithm is widely used and computationally efficient. However, the user–vulnerability interaction matrix is sparser than the interaction matrix analyzed by the classical recommendation model, which seriously degrades the effectiveness of the collaborative filtering recommendation algorithm. To solve this problem, this paper introduces a vulnerability similarity algorithm, comprehensively considers 13 features, such as vulnerability type, severity, and vulnerability description text, and integrates them into content-based recommendation algorithms, emphasizing the universal connection between vulnerabilities in recommendation algorithms. By calculating the similar vulnerabilities of each vulnerability the target user has interacted with, the algorithm compiles the list of vulnerabilities with the highest recommended value and recommends it to the user. Simultaneously, the algorithm fully considers the characteristics of personal users and product users and combines the labeling mechanism to finally form a multi-user vulnerability recommendation algorithm based on similarity, effectively alleviating the sparsity and cold-start problems of the recommendation algorithm.

[Results] The experiments on public datasets show that 1) the content recommendation algorithm based on similarity can achieve better accuracy than the traditional collaborative filtering algorithm on all types of users. In particular, the precision, recall, and F1 score of the recommendation algorithm results for product users increase by 58.86%, 58.53%, and 0.5861, respectively. 2) The recommendation list of the content recommendation algorithm based on similarity is more effective and more consistent with the user's vulnerability preferences. For product users, the normalized discounted cumulative gain score of the recommendation list increases by 0.5965. 3) The result coverage of the content recommendation algorithm based on similarity is much higher than that of the collaborative filtering algorithm. Among human users, the result coverage of the content recommendation algorithm based on similarity is 7.6 times that of original interest data, which shows that the recommendation algorithm successfully surfaces more vulnerabilities that users have not previously interacted with.

[Conclusions] This paper takes vulnerabilities as a recommendation item to recommend vulnerabilities for multiple types of users and proposes a multi-user vulnerability recommendation algorithm based on similarity. The algorithm mainly introduces the vulnerability similarity calculation method and integrates it into the content-based recommendation algorithm. The algorithm proposed in this paper solves the problems of the high sparsity of a user–vulnerability interaction matrix and cold-start problems of user-based collaborative filtering algorithms and effectively improves the accuracy and effectiveness of recommendations.
Key words: recommendation algorithm; vulnerability similarity; content-based recommendation; collaborative filtering recommendation
Received: 2022-09-26      Published: 2023-08-19
About the author: JIA Fan (1976-), male, associate professor,
JIA Fan, KANG Shuya, JIANG Weiqiang, WANG Guangtao. Multi-user recommendation algorithm based on vulnerability similarity. Journal of Tsinghua University (Science and Technology), 2023, 63(9): 1399-1407.
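The content-based step described in the abstract (score unseen vulnerabilities by their similarity to the ones a user has interacted with), set beside user-based collaborative filtering on a sparse interaction matrix, as an added example that is not the paper's code. The vulnerability records, the choice of three features (the paper fuses 13) and the weights are constructed assumptions.

```python
# Added example: constructed records and assumed weights; not the paper's code.
from collections import defaultdict

VULNS = {  # constructed sample data: id -> (type, severity 0-10, description)
    "V1": ("sql-injection", 9.8, "sql injection in login form allows remote query execution"),
    "V2": ("sql-injection", 8.8, "sql injection in search parameter allows remote data access"),
    "V3": ("xss", 6.1, "stored cross site scripting in comment field"),
    "V4": ("buffer-overflow", 9.8, "stack buffer overflow in image parser allows remote code execution"),
    "V5": ("xss", 5.4, "reflected cross site scripting in search parameter"),
}
WEIGHTS = {"type": 0.4, "severity": 0.2, "text": 0.4}  # assumed, not from the paper

def similarity(a, b):
    """Weighted fusion of three per-feature similarities, each in [0, 1]."""
    (ta, sa, da), (tb, sb, db) = VULNS[a], VULNS[b]
    type_sim = 1.0 if ta == tb else 0.0
    sev_sim = 1.0 - abs(sa - sb) / 10.0
    wa, wb = set(da.split()), set(db.split())
    text_sim = len(wa & wb) / len(wa | wb)  # Jaccard over description tokens
    return (WEIGHTS["type"] * type_sim + WEIGHTS["severity"] * sev_sim
            + WEIGHTS["text"] * text_sim)

def recommend_by_content(history, top_n=2):
    """Rank unseen vulnerabilities by summed similarity to the user's history."""
    scores = defaultdict(float)
    for seen in history:
        for cand in VULNS:
            if cand not in history:
                scores[cand] += similarity(seen, cand)
    return sorted(scores, key=lambda v: (-scores[v], v))[:top_n]

def recommend_by_user_cf(user, interactions, top_n=2):
    """User-based collaborative filtering: needs neighbours who share an item."""
    mine = interactions[user]
    scores = defaultdict(float)
    for other, theirs in interactions.items():
        overlap = len(mine & theirs)
        if other == user or overlap == 0:
            continue  # no shared item, so this user is not a usable neighbour
        for cand in theirs - mine:
            scores[cand] += overlap / len(mine | theirs)
    return sorted(scores, key=lambda v: (-scores[v], v))[:top_n]

# Constructed sparse interaction matrix: no two users share a vulnerability.
INTERACTIONS = {"alice": {"V1"}, "bob": {"V3"}, "carol": {"V4"}}
```

With one interaction per user and no overlap between users, `recommend_by_user_cf` has no neighbours to draw on and returns an empty list, while `recommend_by_content` still ranks every unseen vulnerability.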