Advancing Vulnerability Classification with BERT: A Multi-Objective Learning Model
arXiv.org Artificial Intelligence
The rapid increase in cybersecurity vulnerabilities necessitates automated tools for analyzing and classifying vulnerability reports. This paper presents a novel Vulnerability Report Classifier that leverages the BERT (Bidirectional Encoder Representations from Transformers) model to perform multi-label classification of Common Vulnerabilities and Exposures (CVE) reports from the National Vulnerability Database (NVD). The classifier predicts both the severity (Low, Medium, High, Critical) and vulnerability types (e.g., Buffer Overflow, XSS) from textual descriptions. We introduce a custom training pipeline using a combined loss function (Cross-Entropy for severity and Binary Cross-Entropy with Logits for types) integrated into a Hugging Face Trainer subclass. Experiments on recent NVD data demonstrate promising results, with decreasing evaluation loss across epochs. The system is deployed via a REST API and a Streamlit UI, enabling real-time vulnerability analysis. This work contributes a scalable, open-source solution for cybersecurity practitioners to automate vulnerability triage.

INTRODUCTION

The relentless evolution of software systems, driven by their increasing complexity and interconnectedness, has ushered in a dramatic rise in cybersecurity vulnerabilities, presenting a formidable challenge to organizations, governments, and individual users alike. Each year, thousands of new vulnerabilities are identified and cataloged, with repositories like the National Vulnerability Database (NVD) serving as critical resources for tracking these threats.
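The combined objective named in the abstract, as an added example that is not the paper's code: it is written in pure Python rather than as the Hugging Face Trainer subclass the authors describe. The equal weighting of the two terms, the mean reduction over type labels, the 0.5 decision threshold and the sample logits are assumptions; the abstract says only that the two losses are combined.

```python
import math

SEVERITIES = ["Low", "Medium", "High", "Critical"]  # classes named in the abstract
TYPES = ["Buffer Overflow", "XSS"]                  # the two type examples it gives

def cross_entropy(logits, target_idx):
    """Softmax cross-entropy for one report (single-label severity head)."""
    m = max(logits)  # subtract the max so exp() cannot overflow
    lse = m + math.log(sum(math.exp(z - m) for z in logits))
    return lse - logits[target_idx]

def bce_with_logits(logits, targets):
    """Mean binary cross-entropy on raw logits (multi-label type head).
    max(z, 0) - z*y + log1p(exp(-|z|)) is the overflow-safe form."""
    terms = [max(z, 0.0) - z * y + math.log1p(math.exp(-abs(z)))
             for z, y in zip(logits, targets)]
    return sum(terms) / len(terms)

def combined_loss(sev_logits, sev_target, type_logits, type_targets,
                  w_sev=1.0, w_type=1.0):
    """Weighted sum of both objectives. Equal weights are an assumption."""
    return (w_sev * cross_entropy(sev_logits, sev_target)
            + w_type * bce_with_logits(type_logits, type_targets))

def predict(sev_logits, type_logits, threshold=0.5):
    """Severity: argmax over one softmax. Types: independent sigmoid cut-offs."""
    best = max(range(len(sev_logits)), key=sev_logits.__getitem__)
    cut = math.log(threshold / (1.0 - threshold))  # sigmoid(z) >= t  <=>  z >= cut
    return SEVERITIES[best], [t for t, z in zip(TYPES, type_logits) if z >= cut]

if __name__ == "__main__":
    # Constructed head outputs for one CVE description (not real model output).
    sev_logits, type_logits = [0.1, 0.2, 3.0, 1.0], [2.0, -1.5]
    # Ground truth: severity "High" (index 2), types = Buffer Overflow only.
    print(combined_loss(sev_logits, 2, type_logits, [1, 0]))
    print(predict(sev_logits, type_logits))
```

Severity is mutually exclusive, so it shares one softmax; a report can carry several vulnerability types at once, which is why that head is scored label by label.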
Mar-26-2025
- Country:
- Asia > Taiwan > Taiwan Province > Taipei (0.04)
- Genre:
- Research Report > New Finding (0.46)
- Industry:
- Government > Military
- Cyberwarfare (0.78)
- Information Technology > Security & Privacy (1.00)
- Technology: