Skip to content

Commit a4697aa

Browse files
doc: Update CNVD improvements report with dataset changes and CyberScale reference
Add dataset improvements (CVE cross-references, dataset card), comparison validator section, CyberScale Phase 1 corroboration, and missing commits. Related to #19 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
1 parent 30f1872 commit a4697aa

1 file changed

Lines changed: 31 additions & 5 deletions

File tree

docs/cnvd-severity-improvements.md

Lines changed: 31 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -52,10 +52,34 @@ The model card is now a template (`model_card_cnvd_severity.md`) populated with
5252

5353
### Known limitations documented
5454

55-
- Low severity recall (~41%)
56-
- Keyword dependency (accuracy drops from ~89% to ~55% on atypical-severity entries)
57-
- Negation blindness
58-
- CVE overlap (81% of CNVD entries have a CVE equivalent)
55+
The model card now documents:
56+
57+
- **Low severity recall (~41%)**: ~60% of Low entries are misclassified as Medium due to vocabulary overlap. All weighting strategies degrade Medium recall disproportionately.
58+
- **Keyword dependency**: the model biases toward a vulnerability type's typical severity. Accuracy drops from ~89% to ~55% on atypical-severity entries.
59+
- **Negation blindness**: "does NOT allow RCE" still predicts High with high confidence.
60+
- **CVE overlap**: 81% of CNVD entries have a CVE equivalent. The model primarily adds value for the ~19% CNVD-only entries.
61+
62+
These findings align with independent results from [CyberScale Phase 1](https://github.com/eromang/researches/blob/main/CyberScale/docs/lessons-learned.md) (Point 29), which plateaued at ~62% band accuracy on a 4-class CVSS classifier using ModernBERT-base with similar approaches (CWE enrichment, multi-task heads, CPE features — none moving the needle beyond ~2pp).
63+
64+
## Dataset improvements
65+
66+
### CVE cross-references
67+
68+
The `extract_cnvd` function now extracts the `cve_id` field from `cves.cve.cveNumber` in the raw CNVD JSON. This enables users to cross-reference CNVD entries with their CVE equivalents and filter CNVD-only entries.
69+
70+
### Dataset card
71+
72+
A dataset card (`dataset_card_cnvd.md`) was added documenting:
73+
74+
- Field descriptions including the new `cve_id` column
75+
- CVE overlap rate: 81% overall (68-69% in 2020-2021, 91-97% after 2022)
76+
- Severity distribution: High ~36%, Medium ~55%, Low ~9%
77+
- Coverage decline: 94% of reserved IDs published in 2015 → 4% in 2023 (post-RMSV regulations, September 2021)
78+
- Warning about duplicate descriptions and train/test split leakage
79+
80+
## Comparison validator
81+
82+
A dedicated validator (`validators/severity_cnvd.py`) was added to evaluate the old and new models side by side on the same deduplicated test set. It reports per-class precision/recall/F1, confusion matrices, and a summary delta table.
5983

6084
## Commits
6185

@@ -70,12 +94,14 @@ The model card is now a template (`model_card_cnvd_severity.md`) populated with
7094
| `ed2c230` | `--class-weights` flag (none/sqrt/balanced) |
7195
| `f1cd426` | Focal loss option |
7296
| `9fa0f86` | Default to uniform loss |
73-
| `7920361` | Static model card |
97+
| `7920361` | Model card |
7498
| `5b2866c` | Dynamic model card from eval metrics |
99+
| `30f1872` | CVE cross-references and dataset card |
75100

76101
## References
77102

78103
- Issue: [VulnTrain#19](https://github.com/vulnerability-lookup/VulnTrain/issues/19)
79104
- Model: [CIRCL/vulnerability-severity-classification-chinese-macbert-base](https://huggingface.co/CIRCL/vulnerability-severity-classification-chinese-macbert-base)
80105
- Dataset: [CIRCL/Vulnerability-CNVD](https://huggingface.co/datasets/CIRCL/Vulnerability-CNVD)
81106
- External validation: [eromang/researches/CNVD-Dataset-Validation](https://github.com/eromang/researches/tree/main/CNVD-Dataset-Validation)
107+
- Related work: [CyberScale Phase 1 lessons learned](https://github.com/eromang/researches/blob/main/CyberScale/docs/lessons-learned.md)

0 commit comments

Comments
 (0)