ABSTRACT
This paper proposes a novel model and methodology to classify and categorize vulnerabilities according to their security types. We use Bayesian networks to automate the process. An example is provided to demonstrate the process of categorization. The automatically generated result is compared with the CVE type in NVD [6], and the comparison proved the correctness of our method.
- M. Bishop. A taxonomy of UNIX system and network vulnerabilities. Technical Report CSE-9510. Davis: Department of Computer Science, University of California; 1995.
- I. V. Krsul. Software vulnerability analysis. Available from: http://www.krsul.org/ivan/articles/main.pdf; May 1998.
- H. S. Venter and J. H. P. Eloff. Harmonising vulnerability categories. South African Computer Journal, 29, 2002.
- H. S. Venter, J. H. P. Eloff, Y. L. Li. Standardising Vulnerability Categories. Computers & Security, 27, p71–83, 2008.
- Melanie Tupper. A Comparison of Word Frequency and N-Gram Based Vulnerability Categorization Using SOM.
- National Vulnerability Database. CWE Cross Section Mapped into by NVD. Available from: http://nvd.nist.gov/cwe.cfm; March 2010.
- J. A. Wang, H. Wang, M. Guo, L. Zhou and J. Camargo, Ranking Attacks Based on Vulnerability Analysis, in Proceedings of the 43rd Annual Hawaii International Conference on System Sciences. Published by the IEEE Computer Society, ISBN: 978-0-7695-3869-3; ISSN 1530-1605. January 5–8, 2010.
- J. A. Wang, L. Zhou, M. Guo, H. Wang, and J. Camargo, Measuring Similarity for Security Vulnerabilities, in Proceedings of the 43rd Annual Hawaii International Conference on System Sciences. Published by the IEEE Computer Society, ISBN: 978-0-7695-3869-3; ISSN 1530-1605. January 5–8, 2010.
- J. A. Wang, Minzhe Guo, Hao Wang, Min Xia, and Lingfeng Zhou, Ontology-based Security Assessment for Software Products, in Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies, ISBN 978-1-60558-518-5, Oak Ridge, TN, April 13–15, 2009.
- J. A. Wang, M. Guo, and J. Camargo, An Ontological Approach to Computer System Security, Information Security Journal: A Global Perspective, V.19 N.2:61–73, 2010. ISSN: 1939-355.
- Nir Friedman, Dan Geiger, and Moises Goldszmidt, Bayesian Network Classifiers, Machine Learning, V. 29, N. 2–3, Nov/Dec. 1997, pages: 131–163.
Index Terms
- Vulnerability categorization using Bayesian networks