Advancing Vulnerability Classification with BERT: A Multi-Objective Learning Model

Cryptography and Security 2025-03-28 v1 Artificial Intelligence

Abstract

The rapid increase in cybersecurity vulnerabilities necessitates automated tools for analyzing and classifying vulnerability reports. This paper presents a novel Vulnerability Report Classifier that leverages the BERT (Bidirectional Encoder Representations from Transformers) model to perform multi-label classification of Common Vulnerabilities and Exposures (CVE) reports from the National Vulnerability Database (NVD). The classifier predicts both the severity (Low, Medium, High, Critical) and vulnerability types (e.g., Buffer Overflow, XSS) from textual descriptions. We introduce a custom training pipeline using a combined loss function (Cross-Entropy for severity and Binary Cross-Entropy with Logits for types) integrated into a Hugging Face Trainer subclass. Experiments on recent NVD data demonstrate promising results, with decreasing evaluation loss across epochs. The system is deployed via a REST API and a Streamlit UI, enabling real-time vulnerability analysis. This work contributes a scalable, open-source solution for cybersecurity practitioners to automate vulnerability triage.
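The combined objective named in the abstract, written out as an added example in plain Python; it is not the paper's code and does not use its Hugging Face Trainer subclass. The function names, the constructed logits, and the plain sum of the two terms (`type_weight=1.0`) are assumptions, since the abstract does not state how the losses are weighted.

```python
import math

# Label sets taken from the abstract; the type list there is only "e.g.".
SEVERITIES = ["Low", "Medium", "High", "Critical"]
TYPES = ["Buffer Overflow", "XSS"]


def cross_entropy(logits, target_idx):
    """Softmax cross-entropy for one single-label target (severity)."""
    m = max(logits)  # subtract the max so exp() cannot overflow
    log_sum_exp = m + math.log(sum(math.exp(z - m) for z in logits))
    return log_sum_exp - logits[target_idx]


def bce_with_logits(logits, targets):
    """Mean sigmoid binary cross-entropy over independent labels (types).

    Uses max(z, 0) - z*y + log(1 + exp(-|z|)), stable for large |z|.
    """
    terms = [max(z, 0.0) - z * y + math.log1p(math.exp(-abs(z)))
             for z, y in zip(logits, targets)]
    return sum(terms) / len(terms)


def combined_loss(batch, type_weight=1.0):
    """Batch mean of severity CE + type_weight * type BCE.

    type_weight=1.0 is an assumption, not a value from the paper.
    """
    total = 0.0
    for ex in batch:
        sev = cross_entropy(ex["severity_logits"], ex["severity"])
        typ = bce_with_logits(ex["type_logits"], ex["types"])
        total += sev + type_weight * typ
    return total / len(batch)


# Constructed model outputs for two CVE descriptions (not real NVD data).
BATCH = [
    {"severity_logits": [0.1, 0.3, 2.2, 0.4], "severity": 2,   # High
     "type_logits": [3.0, -2.5], "types": [1, 0]},             # Buffer Overflow only
    {"severity_logits": [0.0, 0.0, 0.0, 0.0], "severity": 1,   # untrained head
     "type_logits": [0.0, 0.0], "types": [0, 1]},
]

if __name__ == "__main__":
    print(f"combined loss: {combined_loss(BATCH):.4f}")
```

The severity head is single-label (softmax over four classes), while each type gets its own sigmoid, so one report can carry several vulnerability types at once.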

Cite

@article{arxiv.2503.20831,
  title  = {Advancing Vulnerability Classification with BERT: A Multi-Objective Learning Model},
  author = {Himanshu Tiwari},
  journal= {arXiv preprint arXiv:2503.20831},
  year   = {2025}
}

Comments

9 Pages