Standardising vulnerability categories

Bibliographic Details
Published in: Computers & security 2008-05, Vol.27 (3), p.71-83
Main Authors: Venter, H.S., Eloff, J.H.P., Li, Y.L.
Format: Article
Language: eng
Description
Summary: Each vulnerability scanner (VS) represents, identifies and classifies vulnerabilities in its own way, thus making the different scanners difficult to study and compare. Despite numerous efforts by researchers and organisations to solve the disparity in vulnerability names used in the different VSs, vulnerability categories have still not been standardised. This paper highlights the importance of having a standard vulnerability category set. It also outlines an approach towards achieving this goal by generating a standard set of vulnerability categories. A data-clustering algorithm that employs artificial intelligence is used for this purpose. The significance of this research results from having an intelligent technique that aids in the generation of standardised vulnerability categories in a relatively fast way. In addition, the technique is generic in the sense that it allows one to accommodate any VS currently known on the market to create such vulnerability categories. Another benefit is that the approach followed in this paper allows one to also compare various VSs currently available on the market. A prototype is presented to verify the concept.
ISSN: 0167-4048, 1872-6208
DOI: 10.1016/j.cose.2008.04.002