论文信息 - Categorizing Vulnerabilities Using Data Clustering Techniques

Categorizing Vulnerabilities Using Data Clustering Techniques

Vulnerability scanning is one of the proactive information security technologies in the Internet and network security domain. However, the current vulnerability scanner (VS) products differ extensively in the way that they can detect vulnerabilities, as well as in the number of vulnerabilities that they can detect. Often, VS products also declare their own vendor-specific vulnerability categories, which makes it difficult to study and compare them. Although Common Vulnerabilities and Exposures (CVE) provides a means to solve the disparate vulnerability names used in the different VS products; it does not standardize vulnerability categories. This paper presents a way to categorize the vulnerabilities in the CVE repository and proposes a solution for standardization of the vulnerability categories using a data-clustering algorithm.

Yun Li

[1] Jan H. P. Eloff,et al. Harmonising vulnerability categories , 2002, South Afr. Comput. J..

[2] Virginia R. de Sa,et al. Unsupervised Classification Learning from Cross-Modal Environmental Structure , 1994 .

[3] Marc Dacier,et al. Intrusion detection , 1999, Comput. Networks.

[4] Andries P. Engelbrecht,et al. Computational Intelligence: An Introduction , 2002 .

[5] John Fulcher,et al. Computational Intelligence: An Introduction , 2008, Computational Intelligence: A Compendium.

[6] Peter J. Angeline,et al. Competitive Environments Evolve Better Solutions for Complex Tasks , 1993, ICGA.

[7] Petra Perner,et al. Data Mining - Concepts and Techniques , 2002, Künstliche Intell..

[8] Alfred Menezes,et al. Handbook of Applied Cryptography , 2018 .

[9] Charles P. Pfleeger,et al. Security in computing , 1988 .

[10] Ted Pedersen,et al. Distinguishing Word Senses in Untagged Text , 1997, EMNLP.

[11] Paul Jones,et al. Secrets and Lies: Digital Security in a Networked World , 2002 .

[12] Jacek M. Zurada,et al. A self-organizing map with dynamic architecture for efficient color quantization , 2001, IJCNN'01. International Joint Conference on Neural Networks. Proceedings (Cat. No.01CH37222).