Advancing Software Vulnerability Scoring: A Statistical Approach with Machine Learning Techniques and GridSearchCV Parameter Tuning

The growing complexity, diversity, and importance of software pose a significant threat to computer system security due to exploitable software vulnerabilities. Important infrastructure systems, including banking, electricity, healthcare, and the military, are at risk of loss due to these vulnerabilities that permit unwanted access. This study investigates statistical features that contribute to improved outcomes, even though existing approaches primarily utilize natural language processing for vulnerability descriptions. We present an innovative scoring method that incorporates six well-known machine learning techniques: Linear Regressor, Decision Tree Regressor, Random Forest Regressor, K Nearest Neighbors Regressor, AdaBoost Regressor, and Support Vector Regressor into its framework. An assessment is conducted on 159,979 vulnerabilities obtained from the National Vulnerability Database using six metrics: explained variance, mean absolute error, mean squared log error, R-squared, root mean squared error, and mean squared error. GridSearchCV and tenfold cross-validation have validated the Random Forest Regressor as superior, yielding an accuracy of 0.9486. This approach demonstrates promise in proactive risk management across multiple sectors, including healthcare, energy, defense, and finance, by integrating machine learning techniques and statistical features.