{"created":"2025-05-14T01:00:48.544360+00:00","updated":"2025-05-14T01:00:53.344310+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:02002156","sets":["1164:4088:11911:1747183907775"]},"path":["1747183907775"],"owner":"80578","recid":"2002156","title":["CodeBERTを用いた脆弱性分類システムの提案と評価"],"pubdate":{"attribute_name":"PubDate","attribute_value":"2025-05-22"},"_buckets":{"deposit":"ad960fd6-38a2-41e8-9aab-25f15f376b1d"},"_deposit":{"id":"2002156","pid":{"type":"depid","value":"2002156","revision_id":0},"owners":[80578],"status":"published","created_by":80578},"item_title":"CodeBERTを用いた脆弱性分類システムの提案と評価","author_link":[],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"CodeBERTを用いた脆弱性分類システムの提案と評価","subitem_title_language":"ja"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"CSEC","subitem_subject_scheme":"Other"}]},"item_type_id":"4","publish_date":"2025-05-22","item_4_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"神戸大学"},{"subitem_text_value":"神戸大学大学院工学研究科"},{"subitem_text_value":"神戸大学大学院工学研究科"},{"subitem_text_value":"神戸大学大学院工学研究科"},{"subitem_text_value":"神戸大学大学院工学研究科"}]},"item_4_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Kobe University","subitem_text_language":"en"},{"subitem_text_value":"Graduate School of Engineering, Kobe University","subitem_text_language":"en"},{"subitem_text_value":"Graduate School of Engineering, Kobe University","subitem_text_language":"en"},{"subitem_text_value":"Graduate School of Engineering, Kobe University","subitem_text_language":"en"},{"subitem_text_value":"Graduate School of Engineering, Kobe University","subitem_text_language":"en"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/2002156/files/IPSJ-IOT25069008.pdf","label":"IPSJ-IOT25069008.pdf"},"date":[{"dateType":"Available","dateValue":"2027-05-22"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-IOT25069008.pdf","filesize":[{"value":"1.8 MB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"43"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"2127f1c5-c109-4d25-acd4-44867ea6a3b2","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2025 by the Information Processing Society of Japan"}]},"item_4_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"三嶋,亮大"}]},{"creatorNames":[{"creatorName":"葛野,弘樹"}]},{"creatorNames":[{"creatorName":"矢野,智彦"}]},{"creatorNames":[{"creatorName":"瀧田,愼"}]},{"creatorNames":[{"creatorName":"白石,善明"}]}]},"item_4_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AA12326962","subitem_source_identifier_type":"NCID"}]},"item_4_textarea_12":{"attribute_name":"Notice","attribute_value_mlt":[{"subitem_textarea_value":"SIG Technical Reports are nonrefereed and hence may later appear in any journals, conferences, symposia, etc."}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_18gh","resourcetype":"technical report"}]},"item_4_source_id_11":{"attribute_name":"ISSN","attribute_value_mlt":[{"subitem_source_identifier":"2188-8787","subitem_source_identifier_type":"ISSN"}]},"item_4_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"近年，情報機器で用いられるソフトウェアに対し，多数の脆弱性が報告されている．ソフトウェアセキュリティの確保には，報告された脆弱性の種別を特定し，情報機器への影響を把握が重要となるが，専門家による脆弱性の手動分類が行われており，自動分類が必要とされている．既存研究では，Open Web Application Security Project（OWASP）Top 10に基づいた脆弱性の自動分類が行われた．しかし，OWASP Top 10はWebアプリケーションの脆弱性分類指標であり，脆弱性の種類をリスト化したCommonWeakness Enumeration（CWE）での分類は行えない．本研究では，主要なオープンソースソフトウェア（OSS）で利用されているC/C++言語の脆弱性分類を行うために，CWEに対応した脆弱性分類システムを提案する．CWEによる分類を行うことで，C/C++言語で記述されたソフトウェアに対する脆弱性の把握を容易にする．提案する脆弱性分類システムでは，CodeBERTを用いる．CodeBERTはC/C++言語を未学習であり，両言語の脆弱性に対応するため，C/C++言語の事前学習とファインチューニングを行う．また，脆弱性データセットにおけるCWE種別であるCWE-ID毎の件数を均衡させるために重み付きクロスエントロピー損失を適用する．提案する脆弱性分類システムでは，CSS2023，Big-Vul，ならびにCVEfixesをデータセットとして利用する．評価にて，C/C++言語のソフトウェア，およびLinuxカーネルに対する脆弱性分類精度の評価を行い．提案する脆弱性分類システムは95種類のCWE-IDに対して66.48%の脆弱性分類精度を示した．また，Linuxカーネルの60種類のCWE-IDに対してTop-1分類精度が84.46%，Top-3分類精度が91.85%となり，実用的な脆弱性分類精度を示した．","subitem_description_type":"Other"}]},"item_4_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"8","bibliographic_titles":[{"bibliographic_title":"研究報告インターネットと運用技術（IOT）"}],"bibliographicPageStart":"1","bibliographicIssueDates":{"bibliographicIssueDate":"2025-05-22","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"8","bibliographicVolumeNumber":"2025-IOT-69"}]},"relation_version_is_last":true,"weko_creator_id":"80578"},"id":2002156,"links":{}}