The Common Vulnerability Scoring System (CVSS) is widely used in the cybersecurity industry to assess the severity of vulnerabilities. However, manual assessments and human error can lead to delays and inconsistencies. This study employs situational awareness theory to develop an automated decision support system, integrating perception, comprehension, and projection components to enhance effectiveness. Specifically, an interpretable principal component analysis (iPCA) combined with machine learning is utilized to forecast CVSS scores using text descriptions from the Common Vulnerabilities and Exposures (CVE) database. Different forecasting approaches, including traditional machine learning models, Long-Short Term Memory Neural Networks, and Transformer architectures (ChatGPT) are compared to determine the best performance. The results show that iPCA combined with support vector regression achieves a high performance (R = 98%) in predicting CVSS scores using CVE text descriptions. The results indicate that the variability, length, and details in the vulnerability description contribute to the performance of the transformer model. These findings are consistent across vulnerability descriptions from six companies between 2017 and 2019. The study's outcomes have the potential to enhance organizations' security posture, improving situational awareness and enabling better managerial decision-making in cybersecurity.

中文翻译：

---

增强的（网络）态势感知：使用可解释的主成分分析 (iPCA) 自动执行漏洞严重性评分


通用漏洞评分系统（CVSS）广泛应用于网络安全行业，用于评估漏洞的严重程度。然而，手动评估和人为错误可能会导致延迟和不一致。本研究采用态势感知理论来开发自动化决策支持系统，整合感知、理解和预测组件以提高有效性。具体来说，可解释的主成分分析 (iPCA) 与机器学习相结合，用于使用常见漏洞和暴露 (CVE) 数据库中的文本描述来预测 CVSS 分数。比较不同的预测方法，包括传统的机器学习模型、长短期记忆神经网络和 Transformer 架构 (ChatGPT)，以确定最佳性能。结果表明，iPCA 与支持向量回归相结合，在使用 CVE 文本描述预测 CVSS 分数方面实现了高性能 (R = 98%)。结果表明，漏洞描述中的可变性、长度和细节有助于变压器模型的性能。这些发现在 2017 年至 2019 年间六家公司的漏洞描述中是一致的。该研究的结果有可能增强组织的安全态势，提高态势感知能力并实现更好的网络安全管理决策。