Enhancing Vulnerability Reports With Automated and Augmented Description Summarization

Hattan Althebeiti; Mohammed Alkinoon; Manar Mohaisen; Saeed Salem; Dae Hun Nyang; David Mohaisen

doi:10.1109/TBDATA.2025.3566618

Enhancing Vulnerability Reports With Automated and Augmented Description Summarization

Hattan Althebeiti, Mohammed Alkinoon, Manar Mohaisen, Saeed Salem, Dae Hun Nyang, David Mohaisen

Department of Cyber Security

Research output: Contribution to journal › Article › peer-review

Abstract

Public vulnerability databases, such as the National Vulnerability Database (NVD), document vulnerabilities and facilitate threat information sharing. However, they often suffer from short descriptions and outdated or insufficient information. In this paper, we introduce Zad, a system designed to enrich NVD vulnerability descriptions by leveraging external resources. Zad consists of two pipelines: one collects and filters supplementary data using two encoders to build a detailed dataset, while the other fine-tunes a pre-trained model on this dataset to generate enriched descriptions. By addressing brevity and improving content quality, Zad produces more comprehensive and cohesive vulnerability descriptions. We evaluate Zad using standard summarization metrics and human assessments, demonstrating its effectiveness in enhancing vulnerability information.

Original language	English
Pages (from-to)	3003-3015
Number of pages	13
Journal	IEEE Transactions on Big Data
Volume	11
Issue number	6
DOIs	https://doi.org/10.1109/TBDATA.2025.3566618
State	Published - 2025

Bibliographical note

Publisher Copyright:
© 2015 IEEE.

Keywords

Vulnerability
national vulnerability database (NVD)
natural language processing summarization
transformer

Access to Document

10.1109/TBDATA.2025.3566618

Cite this

@article{053c9d33242340efad85a6248f18ec9d,

title = "Enhancing Vulnerability Reports With Automated and Augmented Description Summarization",

abstract = "Public vulnerability databases, such as the National Vulnerability Database (NVD), document vulnerabilities and facilitate threat information sharing. However, they often suffer from short descriptions and outdated or insufficient information. In this paper, we introduce Zad, a system designed to enrich NVD vulnerability descriptions by leveraging external resources. Zad consists of two pipelines: one collects and filters supplementary data using two encoders to build a detailed dataset, while the other fine-tunes a pre-trained model on this dataset to generate enriched descriptions. By addressing brevity and improving content quality, Zad produces more comprehensive and cohesive vulnerability descriptions. We evaluate Zad using standard summarization metrics and human assessments, demonstrating its effectiveness in enhancing vulnerability information.",

keywords = "Vulnerability, national vulnerability database (NVD), natural language processing summarization, transformer",

author = "Hattan Althebeiti and Mohammed Alkinoon and Manar Mohaisen and Saeed Salem and Nyang, \{Dae Hun\} and David Mohaisen",

note = "Publisher Copyright: {\textcopyright} 2015 IEEE.",

year = "2025",

doi = "10.1109/TBDATA.2025.3566618",

language = "English",

volume = "11",

pages = "3003--3015",

journal = "IEEE Transactions on Big Data",

issn = "2332-7790",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

number = "6",

}

TY - JOUR

T1 - Enhancing Vulnerability Reports With Automated and Augmented Description Summarization

AU - Althebeiti, Hattan

AU - Alkinoon, Mohammed

AU - Mohaisen, Manar

AU - Salem, Saeed

AU - Nyang, Dae Hun

AU - Mohaisen, David

PY - 2025

Y1 - 2025

N2 - Public vulnerability databases, such as the National Vulnerability Database (NVD), document vulnerabilities and facilitate threat information sharing. However, they often suffer from short descriptions and outdated or insufficient information. In this paper, we introduce Zad, a system designed to enrich NVD vulnerability descriptions by leveraging external resources. Zad consists of two pipelines: one collects and filters supplementary data using two encoders to build a detailed dataset, while the other fine-tunes a pre-trained model on this dataset to generate enriched descriptions. By addressing brevity and improving content quality, Zad produces more comprehensive and cohesive vulnerability descriptions. We evaluate Zad using standard summarization metrics and human assessments, demonstrating its effectiveness in enhancing vulnerability information.

AB - Public vulnerability databases, such as the National Vulnerability Database (NVD), document vulnerabilities and facilitate threat information sharing. However, they often suffer from short descriptions and outdated or insufficient information. In this paper, we introduce Zad, a system designed to enrich NVD vulnerability descriptions by leveraging external resources. Zad consists of two pipelines: one collects and filters supplementary data using two encoders to build a detailed dataset, while the other fine-tunes a pre-trained model on this dataset to generate enriched descriptions. By addressing brevity and improving content quality, Zad produces more comprehensive and cohesive vulnerability descriptions. We evaluate Zad using standard summarization metrics and human assessments, demonstrating its effectiveness in enhancing vulnerability information.

KW - Vulnerability

KW - national vulnerability database (NVD)

KW - natural language processing summarization

KW - transformer

UR - https://www.scopus.com/pages/publications/105004905140

U2 - 10.1109/TBDATA.2025.3566618

DO - 10.1109/TBDATA.2025.3566618

M3 - Article

AN - SCOPUS:105004905140

SN - 2332-7790

VL - 11

SP - 3003

EP - 3015

JO - IEEE Transactions on Big Data

JF - IEEE Transactions on Big Data

IS - 6

ER -

Enhancing Vulnerability Reports With Automated and Augmented Description Summarization

Abstract

Bibliographical note

Keywords

Access to Document

Fingerprint

Cite this