Journal of Tsinghua University (Science and Technology), 2023, Vol. 63, Issue 9: 1399-1407. DOI: 10.16511/j.cnki.qhdxxb.2023.21.007
COMPUTER SCIENCE AND TECHNOLOGY
Multi-user recommendation algorithm based on vulnerability similarity
JIA Fan1, KANG Shuya1, JIANG Weiqiang2, WANG Guangtao2
1. Institute of Intelligent Networks and Information Security, School of Electronic and Information Engineering, Beijing Jiaotong University, Beijing 100044, China;
2. Information Security Center, China Mobile Group Co., Ltd., Beijing 100053, China
Abstract

[Objective] In recent years, the number of publicly disclosed vulnerabilities has increased, and software security personnel and vulnerability enthusiasts find it increasingly difficult to locate the vulnerability information they are interested in. A recommendation algorithm can provide personalized vulnerability suggestions to help users obtain valuable vulnerability information efficiently. However, existing vulnerability-related recommendation systems generally suffer from problems such as one-sided analysis, complex implementation, a strong dependence on professional expertise, and data privacy concerns, and research that directly treats vulnerabilities as the recommendation items is scarce.

[Methods] This paper selects the vulnerability itself as the recommendation item, collects data from public datasets, and adopts a simple and efficient recommendation algorithm for personalized vulnerability recommendation. As a classical recommendation model, collaborative filtering is widely used and computationally efficient. However, the user–vulnerability interaction matrix is sparser than the interaction matrices that classical recommendation models usually analyze, which seriously degrades the effectiveness of collaborative filtering. To solve this problem, this paper introduces a vulnerability similarity algorithm that comprehensively considers 13 features, such as vulnerability type, severity, and vulnerability description text, and integrates it into a content-based recommendation algorithm, emphasizing the general connections between vulnerabilities. By computing the vulnerabilities similar to each vulnerability the target user has interacted with, the algorithm assembles the list of vulnerabilities with the highest recommendation value and recommends it to the user. The algorithm also takes into account the characteristics of personal users and product users and combines them with a labeling mechanism, forming a similarity-based multi-user vulnerability recommendation algorithm that effectively mitigates the sparsity and cold-start problems of the recommendation algorithm.

[Results] Experiments on public datasets show that 1) the similarity-based content recommendation algorithm achieves better accuracy than the traditional collaborative filtering algorithm for all types of users. In particular, the precision, recall, and F1 score of the recommendation results for product users increase by 58.86%, 58.53%, and 0.5861, respectively. 2) The recommendation list of the similarity-based content recommendation algorithm is more effective and more consistent with the user's vulnerability preferences. For product users, the normalized discounted cumulative gain score of the recommendation list increases by 0.5965. 3) The result coverage of the similarity-based content recommendation algorithm is much higher than that of the collaborative filtering algorithm. Among human users, the result coverage of the similarity-based content recommendation algorithm is 7.6 times that of the original interest data, which shows that the recommendation algorithm successfully surfaces more vulnerabilities that users have not previously interacted with.

[Conclusions] This paper takes vulnerabilities as the recommendation item, recommends vulnerabilities to multiple types of users, and proposes a similarity-based multi-user vulnerability recommendation algorithm. The algorithm introduces a vulnerability similarity calculation method and integrates it into a content-based recommendation algorithm. It addresses the high sparsity of the user–vulnerability interaction matrix and the cold-start problem of user-based collaborative filtering algorithms, and effectively improves the accuracy and effectiveness of recommendations.
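The contrast the abstract draws between user-based collaborative filtering on a sparse interaction matrix and similarity-based content recommendation can be seen on a small scale in the following added example, which is not the paper's code. It uses only three of the 13 features (type, severity, description text); the feature weights, the Jaccard text measure, the placeholder vulnerability IDs and the sample users are all constructed assumptions.

```python
# Constructed sample catalogue; the IDs are placeholders, not real CVE entries.
VULNS = {
    "VULN-A": {"type": "CWE-79", "severity": 6.1, "desc": "cross site scripting in admin login form"},
    "VULN-B": {"type": "CWE-79", "severity": 5.4, "desc": "stored cross site scripting in comment form"},
    "VULN-C": {"type": "CWE-89", "severity": 9.8, "desc": "sql injection in login form parameter"},
    "VULN-D": {"type": "CWE-120", "severity": 9.8, "desc": "buffer overflow in firmware image parser"},
    "VULN-E": {"type": "CWE-89", "severity": 8.8, "desc": "sql injection in search parameter"},
}
# Assumed feature weights; the paper's 13 features and their weights are not given here.
WEIGHTS = {"type": 0.4, "severity": 0.2, "desc": 0.4}
# Constructed, deliberately sparse interactions: no two users share a vulnerability.
INTERACTIONS = {"alice": {"VULN-A"}, "bob": {"VULN-C", "VULN-E"}, "carol": {"VULN-D"}}

def similarity(a, b):
    """Weighted feature similarity between two vulnerabilities, in [0, 1]."""
    va, vb = VULNS[a], VULNS[b]
    type_sim = 1.0 if va["type"] == vb["type"] else 0.0
    sev_sim = 1.0 - abs(va["severity"] - vb["severity"]) / 10.0  # CVSS-style 0-10 scale
    ta, tb = set(va["desc"].split()), set(vb["desc"].split())
    desc_sim = len(ta & tb) / len(ta | tb)  # Jaccard stands in for an NLP text model
    return (WEIGHTS["type"] * type_sim + WEIGHTS["severity"] * sev_sim
            + WEIGHTS["desc"] * desc_sim)

def recommend_content(history, k=2):
    """Sum each unseen vulnerability's similarity to every vulnerability in the history."""
    scores = {}
    for seen in history:
        for cand in VULNS:
            if cand not in history:
                scores[cand] = scores.get(cand, 0.0) + similarity(seen, cand)
    return sorted(scores, key=lambda v: (-scores[v], v))[:k]

def recommend_user_cf(target, interactions, k=2):
    """User-based CF baseline: neighbours are users with overlapping interaction sets."""
    mine, scores = interactions[target], {}
    for user, theirs in interactions.items():
        overlap = len(mine & theirs) / len(mine | theirs)
        if user == target or overlap == 0:
            continue  # a sparse matrix leaves most users without any neighbour
        for vuln in theirs - mine:
            scores[vuln] = scores.get(vuln, 0.0) + overlap
    return sorted(scores, key=lambda v: (-scores[v], v))[:k]

if __name__ == "__main__":
    print("CF:", recommend_user_cf("alice", INTERACTIONS))
    print("content:", recommend_content(INTERACTIONS["alice"]))
```

With a single interaction and no overlapping neighbours, the collaborative filtering baseline returns nothing for `alice`, while the content-based path still ranks unseen vulnerabilities by feature similarity.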
Keywords: recommendation algorithm; vulnerability similarity; content-based recommendation; collaborative filtering recommendation
Issue Date: 19 August 2023
Cite this article:   
JIA Fan,KANG Shuya,JIANG Weiqiang, et al. Multi-user recommendation algorithm based on vulnerability similarity[J]. Journal of Tsinghua University(Science and Technology), 2023, 63(9): 1399-1407.
URL:  
http://jst.tsinghuajournals.com/EN/10.16511/j.cnki.qhdxxb.2023.21.007     OR     http://jst.tsinghuajournals.com/EN/Y2023/V63/I9/1399
  
  
  
  
  
  
  