{"id":"https://openalex.org/W3214160395","doi":"https://doi.org/10.1109/cloud53861.2021.00073","title":"NL2Vul: Natural Language to Standard Vulnerability Score for Cloud Security Posture Management","display_name":"NL2Vul: Natural Language to Standard Vulnerability Score for Cloud Security Posture Management","publication_year":2021,"publication_date":"2021-09-01","ids":{"openalex":"https://openalex.org/W3214160395","doi":"https://doi.org/10.1109/cloud53861.2021.00073","mag":"3214160395"},"language":"en","primary_location":{"id":"doi:10.1109/cloud53861.2021.00073","is_oa":false,"landing_page_url":"https://doi.org/10.1109/cloud53861.2021.00073","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2021 IEEE 14th International Conference on Cloud Computing (CLOUD)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5079878771","display_name":"Muhammed Fatih Bulut","orcid":"https://orcid.org/0000-0003-3774-5025"},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Muhammed Fatih Bulut","raw_affiliation_strings":["IBM T.J. Watson Research Center"],"affiliations":[{"raw_affiliation_string":"IBM T.J. Watson Research Center","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5030925387","display_name":"Jinho Hwang","orcid":"https://orcid.org/0000-0001-8595-7431"},"institutions":[{"id":"https://openalex.org/I2252078561","display_name":"Meta (Israel)","ror":"https://ror.org/02388em19","country_code":"IL","type":"company","lineage":["https://openalex.org/I2252078561","https://openalex.org/I4210114444"]}],"countries":["IL"],"is_corresponding":false,"raw_author_name":"Jinho Hwang","raw_affiliation_strings":["Facebook","IBM T.J. Watson Research Center"],"affiliations":[{"raw_affiliation_string":"Facebook","institution_ids":["https://openalex.org/I2252078561"]},{"raw_affiliation_string":"IBM T.J. Watson Research Center","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5079878771"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":1.1016,"has_fulltext":false,"cited_by_count":6,"citation_normalized_percentile":{"value":0.83261682,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":91,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"566","last_page":"571"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9925000071525574,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9925000071525574,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9925000071525574,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9915000200271606,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7663817405700684},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.7195185422897339},{"id":"https://openalex.org/keywords/vulnerability-management","display_name":"Vulnerability management","score":0.7065984606742859},{"id":"https://openalex.org/keywords/nist","display_name":"NIST","score":0.6250121593475342},{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.619191586971283},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5671613812446594},{"id":"https://openalex.org/keywords/vulnerability-assessment","display_name":"Vulnerability assessment","score":0.5563715696334839},{"id":"https://openalex.org/keywords/popularity","display_name":"Popularity","score":0.4864163398742676}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7663817405700684},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.7195185422897339},{"id":"https://openalex.org/C172776598","wikidata":"https://www.wikidata.org/wiki/Q7943570","display_name":"Vulnerability management","level":4,"score":0.7065984606742859},{"id":"https://openalex.org/C111219384","wikidata":"https://www.wikidata.org/wiki/Q6954384","display_name":"NIST","level":2,"score":0.6250121593475342},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.619191586971283},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5671613812446594},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.5563715696334839},{"id":"https://openalex.org/C2780586970","wikidata":"https://www.wikidata.org/wiki/Q1357284","display_name":"Popularity","level":2,"score":0.4864163398742676},{"id":"https://openalex.org/C542102704","wikidata":"https://www.wikidata.org/wiki/Q183257","display_name":"Psychotherapist","level":1,"score":0.0},{"id":"https://openalex.org/C204321447","wikidata":"https://www.wikidata.org/wiki/Q30642","display_name":"Natural language processing","level":1,"score":0.0},{"id":"https://openalex.org/C15744967","wikidata":"https://www.wikidata.org/wiki/Q9418","display_name":"Psychology","level":0,"score":0.0},{"id":"https://openalex.org/C137176749","wikidata":"https://www.wikidata.org/wiki/Q4105337","display_name":"Psychological resilience","level":2,"score":0.0},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C77805123","wikidata":"https://www.wikidata.org/wiki/Q161272","display_name":"Social psychology","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/cloud53861.2021.00073","is_oa":false,"landing_page_url":"https://doi.org/10.1109/cloud53861.2021.00073","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2021 IEEE 14th International Conference on Cloud Computing (CLOUD)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.47999998927116394,"id":"https://metadata.un.org/sdg/17","display_name":"Partnerships for the goals"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":23,"referenced_works":["https://openalex.org/W110007310","https://openalex.org/W133470593","https://openalex.org/W1566289585","https://openalex.org/W1584308190","https://openalex.org/W1614298861","https://openalex.org/W1832693441","https://openalex.org/W1971733255","https://openalex.org/W2064675550","https://openalex.org/W2113765418","https://openalex.org/W2166336492","https://openalex.org/W2282821441","https://openalex.org/W2289443514","https://openalex.org/W2767521898","https://openalex.org/W2771090858","https://openalex.org/W2890264517","https://openalex.org/W2896457183","https://openalex.org/W2950577311","https://openalex.org/W2953482317","https://openalex.org/W2966451849","https://openalex.org/W2969565522","https://openalex.org/W6605468800","https://openalex.org/W6636510571","https://openalex.org/W6755207826"],"related_works":["https://openalex.org/W2393340519","https://openalex.org/W4298219515","https://openalex.org/W2021298062","https://openalex.org/W2185499427","https://openalex.org/W1883246888","https://openalex.org/W3118510577","https://openalex.org/W2371301679","https://openalex.org/W2527966616","https://openalex.org/W4200316191","https://openalex.org/W2188018701"],"abstract_inverted_index":{"Cloud":[0],"Security":[1],"Posture":[2],"Management":[3],"(CSPM)":[4],"tools":[5],"have":[6,163],"been":[7],"gaining":[8],"popularity":[9],"to":[10,23,31,104,120,148],"automate,":[11],"monitor":[12],"and":[13,35,54,87,129,176],"visualize":[14],"the":[15,25,40,79,136,150],"security":[16],"posture":[17,152],"of":[18,42,58,81,107,116,124,172],"multi-cloud":[19],"environments.":[20],"The":[21,61],"foundation":[22],"assess":[24],"risk":[26,151],"lies":[27],"on":[28,69,122],"being":[29,146],"able":[30],"analyze":[32],"each":[33],"vulnerability":[34,64,82,131],"quantify":[36],"its":[37],"risk.":[38],"However,":[39],"number":[41],"vulnerabilities":[43,108,126],"in":[44,51,153],"National":[45],"Vulnerability":[46],"Database":[47],"(NVD)":[48],"has":[49],"skyrocketed":[50],"recent":[52],"years":[53],"surpassed":[55],"144K":[56],"as":[57],"late":[59],"2020.":[60],"current":[62],"standard":[63],"tracking":[65],"system":[66],"relies":[67],"mostly":[68],"human-driven":[70],"efforts.":[71,112],"Besides,":[72],"open-source":[73],"libraries":[74],"do":[75],"not":[76],"necessarily":[77],"follow":[78],"standards":[80],"reporting":[83],"set":[84],"by":[85],"CVE":[86],"NIST,":[88],"but":[89],"rather":[90],"use":[91,115],"Github":[92,170],"issues":[93,171],"for":[94,140,159],"reporting.":[95],"In":[96],"this":[97],"paper,":[98],"we":[99],"propose":[100],"a":[101],"framework,":[102],"NL2Vul,":[103],"measure":[105],"score":[106],"with":[109,166],"minimal":[110],"human":[111],"NL2Vul":[113,155,165],"makes":[114],"deep":[117],"neural":[118],"networks":[119],"train":[121],"descriptions":[123],"software":[125],"from":[127],"NVD":[128,138],"predicts":[130],"scores.":[132],"To":[133],"flexibly":[134],"expand":[135],"trained":[137],"model":[139],"different":[141],"data":[142],"sources":[143],"that":[144],"are":[145],"used":[147],"evaluate":[149],"CSPM,":[154],"uses":[156],"transfer":[157],"learning":[158],"quick":[160],"re-training.":[161],"We":[162],"evaluated":[164],"vanilla":[167],"NVD,":[168],"public":[169],"open":[173],"source":[174],"projects,":[175],"compliance":[177],"technology":[178],"specification":[179],"documents.":[180]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":4}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}