Enhancing Vulnerability Reports with Automated and Augmented Description Summarization

Hattan Althebeiti; Mohammed Alkinoon; Manar Mohaisen; Saeed Salem; Dae Hun Nyang; David Mohaisen

doi:10.1109/TBDATA.2025.3566618

Enhancing Vulnerability Reports with Automated and Augmented Description Summarization

Hattan Althebeiti, Mohammed Alkinoon, Manar Mohaisen, Saeed Salem, Dae Hun Nyang, David Mohaisen

Department of Cyber Security

Research output: Contribution to journal › Article › peer-review

Abstract

Public vulnerability databases, such as the National Vulnerability Database (NVD), document vulnerabilities and facilitate threat information sharing. However, they often suffer from short descriptions and outdated or insufficient information. In this paper, we introduce Zad, a system designed to enrich NVD vulnerability descriptions by leveraging external resources. Zad consists of two pipelines: one collects and filters supplementary data using two encoders to build a detailed dataset, while the other fine-tunes a pre-trained model on this dataset to generate enriched descriptions. By addressing brevity and improving content quality, Zad produces more comprehensive and cohesive vulnerability descriptions. We evaluate Zad using standard summarization metrics and human assessments, demonstrating its effectiveness in enhancing vulnerability information.

Original language	English
Journal	IEEE Transactions on Big Data
DOIs	https://doi.org/10.1109/TBDATA.2025.3566618
State	Accepted/In press - 2025

Bibliographical note

Publisher Copyright:
© 2015 IEEE. All rights reserved.

Keywords

National Vulnerability Database
Natural Language Processing Summarization
Transformer
Vulnerability

Access to Document

10.1109/TBDATA.2025.3566618

Cite this

@article{053c9d33242340efad85a6248f18ec9d,

title = "Enhancing Vulnerability Reports with Automated and Augmented Description Summarization",

abstract = "Public vulnerability databases, such as the National Vulnerability Database (NVD), document vulnerabilities and facilitate threat information sharing. However, they often suffer from short descriptions and outdated or insufficient information. In this paper, we introduce Zad, a system designed to enrich NVD vulnerability descriptions by leveraging external resources. Zad consists of two pipelines: one collects and filters supplementary data using two encoders to build a detailed dataset, while the other fine-tunes a pre-trained model on this dataset to generate enriched descriptions. By addressing brevity and improving content quality, Zad produces more comprehensive and cohesive vulnerability descriptions. We evaluate Zad using standard summarization metrics and human assessments, demonstrating its effectiveness in enhancing vulnerability information.",

keywords = "National Vulnerability Database, Natural Language Processing Summarization, Transformer, Vulnerability",

author = "Hattan Althebeiti and Mohammed Alkinoon and Manar Mohaisen and Saeed Salem and Nyang, \{Dae Hun\} and David Mohaisen",

year = "2025",

doi = "10.1109/TBDATA.2025.3566618",

language = "English",

journal = "IEEE Transactions on Big Data",

issn = "2332-7790",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

}

TY - JOUR

T1 - Enhancing Vulnerability Reports with Automated and Augmented Description Summarization

AU - Althebeiti, Hattan

AU - Alkinoon, Mohammed

AU - Mohaisen, Manar

AU - Salem, Saeed

AU - Nyang, Dae Hun

AU - Mohaisen, David

PY - 2025

Y1 - 2025

N2 - Public vulnerability databases, such as the National Vulnerability Database (NVD), document vulnerabilities and facilitate threat information sharing. However, they often suffer from short descriptions and outdated or insufficient information. In this paper, we introduce Zad, a system designed to enrich NVD vulnerability descriptions by leveraging external resources. Zad consists of two pipelines: one collects and filters supplementary data using two encoders to build a detailed dataset, while the other fine-tunes a pre-trained model on this dataset to generate enriched descriptions. By addressing brevity and improving content quality, Zad produces more comprehensive and cohesive vulnerability descriptions. We evaluate Zad using standard summarization metrics and human assessments, demonstrating its effectiveness in enhancing vulnerability information.

AB - Public vulnerability databases, such as the National Vulnerability Database (NVD), document vulnerabilities and facilitate threat information sharing. However, they often suffer from short descriptions and outdated or insufficient information. In this paper, we introduce Zad, a system designed to enrich NVD vulnerability descriptions by leveraging external resources. Zad consists of two pipelines: one collects and filters supplementary data using two encoders to build a detailed dataset, while the other fine-tunes a pre-trained model on this dataset to generate enriched descriptions. By addressing brevity and improving content quality, Zad produces more comprehensive and cohesive vulnerability descriptions. We evaluate Zad using standard summarization metrics and human assessments, demonstrating its effectiveness in enhancing vulnerability information.

KW - National Vulnerability Database

KW - Natural Language Processing Summarization

KW - Transformer

KW - Vulnerability

UR - http://www.scopus.com/inward/record.url?scp=105004905140&partnerID=8YFLogxK

U2 - 10.1109/TBDATA.2025.3566618

DO - 10.1109/TBDATA.2025.3566618

M3 - Article

AN - SCOPUS:105004905140

SN - 2332-7790

JO - IEEE Transactions on Big Data

JF - IEEE Transactions on Big Data

ER -

Enhancing Vulnerability Reports with Automated and Augmented Description Summarization

Abstract

Bibliographical note

Keywords

Access to Document

Fingerprint

Cite this