The Common Vulnerability Scoring System (CVSS) provides an open, standardized method for rating vulnerabilities. CVSS provides base-level metrics for vulnerability classification that can be used with other strategies, such as Intrusion Detection Classification, to form a complete diagnostic system. The emphasis here is on defining and representing the various strategies that can be employed to provide a formal and more practical approach to vulnerability assessment. The various parameters that are defined have been derived from a set of five assertions and the initial fuzzy scanner metrics (the pre-defined scanner parameters). The fuzziness of the scanner metrics allows for greater manipulation of results before a complete diagnosis is presented. The confidence reports (1st and 2nd degree) could be used to provide information that helps initiate suitable steps.