Contents I. Introduction
Vulnerability assessment has high research value, and its results can be used for network situational awareness, vulnerability patching, and auxiliary decision-making. Currently, the academic community has researched from different perspectives on vulnerability assessment. There are vulnerability assessment methods based on expert system, which commonly invite well-known experts to list the metrics that may affect the vulnerability assessment score and assign corresponding weights [1]. This is the approach taken by CVSS [2]–[6]. However, the vulnerability assessment based on expert system will inevitably involve manual participation, and human subjective factors will bring scoring error. At present, the relevant methods based on expert system can not completely solve this problem. There are machine learning-based vulnerability assessment methods, where machine learning-related algorithms can discover features common to vulnerabilities in a large amount of data to form machine learning-based models, which generally have only a limited number of inputs, avoiding the situation where a large number of feature inputs need to be selected for manual scoring. The models formed based on machine learning can be optimized as the data samples change, and the parameters can be adjusted as the task and assessment requirements change so that the relevant models can be adapted to the task. Such models have advantages in terms of scalability and ease of use. However, the accuracy of vulnerability assessment method based on machine learning is not as good as that based on expert system, and it is difficult to obtain relevant vulnerability data sets.
