The fuzzy common vulnerability scoring system (F-CVSS) based on a least squares approach with fuzzy logistic regression

Abstract This study presents a new approach for calculations within the Common Vulnerability Scoring System that scoring the effects of vulnerabilities in software on the security status. These calculations is the method that is most commonly used in scoring software vulnerabilities. The present model demonstrates how software security vulnerabilities can be calculated using linguistic terms. Therefore, the proposed method has a more flexible structure than this system. The current Common Vulnerability Scoring System formula and scores were used to assess and implement the presented model. The aim was to form a fuzzy model called the Fuzzy Common Vulnerability Scoring System based on the success probabilities which are defined using linguistic terms such as low, very low or high. Moreover, the Fuzzy Logistic Regression (FLR) method was used to define the relationship between the exact inputs and fuzzy multiple outputs, and the Least Squares Method was used to estimate the parameters of the presented model. The performance of the model was evaluated by a comparison using Mean Squared Error (MSE), Mean Absolute Error (MAE), and Kim and Bishu’s criterion. Validity of the fuzzy regression model is demonstrated with different fitness functions. The expectation was that more practical estimations with better error tolerance can be achieved by using linguistic terms to assess common vulnerabilities.

[1]  Ebrahim Nasrabadi,et al.  Fuzzy linear regression models with least square errors , 2005, Appl. Math. Comput..

[2]  Jian Zhou,et al.  Fuzzy linear regression models for QFD using optimized h values , 2015, Eng. Appl. Artif. Intell..

[3]  C. R. Bector,et al.  A simple method for computation of fuzzy linear regression , 2005, Eur. J. Oper. Res..

[4]  Zengqiang Chen,et al.  Chaos-Based Fuzzy Regression Approach to Modeling Customer Satisfaction for Product Design , 2013, IEEE Transactions on Fuzzy Systems.

[5]  Seyed Mahmoud Taheri,et al.  Fuzzy logistic regression with least absolute deviations estimators , 2014, Soft Computing.

[6]  S. Srivastava,et al.  Adaptive Fuzzy Regression Model for the Prediction of Dichotomous Response Variables Using Cancer Data: A Case Study , 2008 .

[7]  Maxwell G. Dondo,et al.  A Vulnerability Prioritization System Using A Fuzzy Risk Analysis Approach , 2008, SEC.

[8]  Kit Yan Chan,et al.  Fuzzy regression for perceptual image quality assessment , 2015, Eng. Appl. Artif. Intell..

[9]  Kit Yan Chan,et al.  Varying Spread Fuzzy Regression for Affective Quality Estimation , 2017, IEEE Transactions on Fuzzy Systems.

[10]  Abraham Kandel,et al.  General fuzzy least squares , 1997, Fuzzy Sets Syst..

[11]  Vali Derhami,et al.  An automatic method for CVSS score prediction using vulnerabilities description , 2015, J. Intell. Fuzzy Syst..

[12]  Yifan Gao,et al.  A fuzzy logistic regression model based on the least squares estimation , 2018 .

[13]  H. Tanka Fuzzy data analysis by possibilistic linear models , 1987 .

[14]  Phil Diamond,et al.  Fuzzy least squares , 1988, Inf. Sci..

[15]  A. Celmins Least squares model fitting to fuzzy vector data , 1987 .

[16]  G. H.Shakouri,et al.  A novel fuzzy linear regression model based on a non-equality possibility index and optimum uncertainty , 2009, Appl. Soft Comput..

[17]  Chiang Kao,et al.  A fuzzy linear regression model with better explanatory power , 2002, Fuzzy Sets Syst..

[18]  Jian-Bo Yang,et al.  On the centroids of fuzzy numbers , 2006, Fuzzy Sets Syst..

[19]  Ram R. Bishu,et al.  Evaluation of fuzzy linear regression models by comparing membership functions , 1998, Fuzzy Sets Syst..

[20]  Bernard De Baets,et al.  A comparison of fuzzy regression methods for the estimation of the implied volatility smile function , 2015, Fuzzy Sets Syst..

[21]  Masatoshi Sakawa,et al.  Fuzzy linear regression analysis for fuzzy input-output data , 1992, Inf. Sci..

[22]  S. Mahmoud Taheri,et al.  Fuzzy logistic regression based on the least squares approach with application in clinical studies , 2011, Comput. Math. Appl..

[23]  So Young Sohn,et al.  Technology credit scoring model with fuzzy logistic regression , 2016, Appl. Soft Comput..

[24]  J. Watada,et al.  Possibilistic linear systems and their application to the linear regression model , 1988 .

[25]  Tharam S. Dillon,et al.  A Flexible Fuzzy Regression Method for Addressing Nonlinear Uncertainty on Aesthetic Quality Assessments , 2017, IEEE Transactions on Systems, Man, and Cybernetics: Systems.

[26]  Miin-Shen Yang,et al.  Fuzzy least-squares linear regression analysis for fuzzy input-output data , 2002, Fuzzy Sets Syst..