File size: 3,649 Bytes
2a7e8e8 84a87fd 2a7e8e8 70b9c58 2a7e8e8 3e7f638 70b9c58 2394377 c44c2b3 2394377 70b9c58 c3341c0 70b9c58 7762f07 70b9c58 7762f07 70b9c58 1809d88 70b9c58 7762f07 25373ed 2a7e8e8 ab225d6 2a7e8e8 70b9c58 2a7e8e8 ac0ee23 c44c2b3 2a7e8e8 ab225d6 84a87fd |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 |
---
library_name: transformers
license: mit
base_model: roberta-base
tags:
- generated_from_trainer
metrics:
- accuracy
model-index:
- name: vulnerability-severity-classification-roberta-base
results: []
datasets:
- CIRCL/vulnerability-scores
---
# VLAI: A RoBERTa-Based Model for Automated Vulnerability Severity Classification
# Severity classification
This model is a fine-tuned version of [roberta-base](https://huggingface.co/roberta-base) on the dataset [CIRCL/vulnerability-scores](https://huggingface.co/datasets/CIRCL/vulnerability-scores).
The model was presented in the paper [VLAI: A RoBERTa-Based Model for Automated Vulnerability Severity Classification](https://huggingface.co/papers/2507.03607) [[arXiv](https://arxiv.org/abs/2507.03607)].
**Abstract:** VLAI is a transformer-based model that predicts software vulnerability severity levels directly from text descriptions. Built on RoBERTa, VLAI is fine-tuned on over 600,000 real-world vulnerabilities and achieves over 82% accuracy in predicting severity categories, enabling faster and more consistent triage ahead of manual CVSS scoring. The model and dataset are open-source and integrated into the Vulnerability-Lookup service.
You can read [this page](https://www.vulnerability-lookup.org/user-manual/ai/) for more information.
## Model description
It is a classification model and is aimed to assist in classifying vulnerabilities by severity based on their descriptions.
## How to get started with the model
```python
from transformers import AutoModelForSequenceClassification, AutoTokenizer
import torch
labels = ["low", "medium", "high", "critical"]
model_name = "CIRCL/vulnerability-severity-classification-roberta-base"
tokenizer = AutoTokenizer.from_pretrained(model_name)
model = AutoModelForSequenceClassification.from_pretrained(model_name)
model.eval()
test_description = "SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries \
that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability of the targeted system."
inputs = tokenizer(test_description, return_tensors="pt", truncation=True, padding=True)
# Run inference
with torch.no_grad():
outputs = model(**inputs)
predictions = torch.nn.functional.softmax(outputs.logits, dim=-1)
# Print results
print("Predictions:", predictions)
predicted_class = torch.argmax(predictions, dim=-1).item()
print("Predicted severity:", labels[predicted_class])
```
## Training procedure
### Training hyperparameters
The following hyperparameters were used during training:
- learning_rate: 3e-05
- train_batch_size: 16
- eval_batch_size: 16
- seed: 42
- optimizer: Use OptimizerNames.ADAMW_TORCH_FUSED with betas=(0.9,0.999) and epsilon=1e-08 and optimizer_args=No additional optimizer arguments
- lr_scheduler_type: linear
- num_epochs: 5
It achieves the following results on the evaluation set:
- Loss: 0.5072
- Accuracy: 0.8282
### Training results
| Training Loss | Epoch | Step | Validation Loss | Accuracy |
|:-------------:|:-----:|:------:|:---------------:|:--------:|
| 0.5519 | 1.0 | 28760 | 0.6553 | 0.7357 |
| 0.5365 | 2.0 | 57520 | 0.5647 | 0.7746 |
| 0.3656 | 3.0 | 86280 | 0.5397 | 0.7997 |
| 0.4367 | 4.0 | 115040 | 0.4903 | 0.8191 |
| 0.3609 | 5.0 | 143800 | 0.5072 | 0.8282 |
### Framework versions
- Transformers 4.55.2
- Pytorch 2.8.0+cu128
- Datasets 4.0.0
- Tokenizers 0.21.4
|