<p>To address the vulnerability description mapping (VDM) task, current approaches employ deep learning and large language models (LLMs) through prompt engineering, framing VDM as multi-class classification, multi-label classification, and text generation problems. However, existing methods exhibit significant limitations, including suboptimal identification accuracy, limited category coverage, inadequate interpretability, susceptibility to hallucinations, and challenges related to class imbalance. To address these limitations, this study proposes VDM-IOG, an inference on graph framework in retrieval-augmented generation for vulnerability description mapping. By transforming the VDM methodology into an intelligence graph, the proposed approach leverages a large language model to perform reasoning through five steps: identification, querying, scoring, questioning, and reflection. Experimental results demonstrate that the proposed method achieves a Macro-F1 score of 74.88% and a Micro-F1 score of 82.17%. Compared to existing research, the proposed approach expands detection coverage across 42 technical categories, effectively mitigates class imbalance, and enhances process interpretability and controllability through explicit reasoning traces.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

VDM-IOG, a framework of inference on graph in retrieval-augmented generation for vulnerability description mapping

  • Fengrui Yu,
  • Yanhui Du

摘要

To address the vulnerability description mapping (VDM) task, current approaches employ deep learning and large language models (LLMs) through prompt engineering, framing VDM as multi-class classification, multi-label classification, and text generation problems. However, existing methods exhibit significant limitations, including suboptimal identification accuracy, limited category coverage, inadequate interpretability, susceptibility to hallucinations, and challenges related to class imbalance. To address these limitations, this study proposes VDM-IOG, an inference on graph framework in retrieval-augmented generation for vulnerability description mapping. By transforming the VDM methodology into an intelligence graph, the proposed approach leverages a large language model to perform reasoning through five steps: identification, querying, scoring, questioning, and reflection. Experimental results demonstrate that the proposed method achieves a Macro-F1 score of 74.88% and a Micro-F1 score of 82.17%. Compared to existing research, the proposed approach expands detection coverage across 42 technical categories, effectively mitigates class imbalance, and enhances process interpretability and controllability through explicit reasoning traces.