Vulnerability categorization using Bayesian networks

This paper proposes a model and methodology for classifying vulnerabilities into categories according to their security type, using Bayesian networks to automate the categorization. A worked example demonstrates the categorization procedure. The automatically generated categories are compared with the vulnerability types recorded in NVD [6], and the agreement between the two confirms the method.
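As an added illustration that is not the paper's own model, the following Python builds the simplest Bayesian network classifier, multinomial naive Bayes (a class node whose children are the tokens of a description, assumed conditionally independent; reference [4] discusses this family), trains it on vulnerability descriptions, categorizes unseen descriptions, and measures agreement with a reference type label the way the abstract compares against the NVD type. The training and held-out descriptions are constructed, CVE-style sentences with hand-assigned types, not real NVD records; the category names, the tokenizer and the smoothing parameter are all assumptions.

```python
"""Naive Bayes categorization of vulnerability descriptions by security type.

Added example, not the paper's model. All descriptions below are constructed
to resemble NVD entries; they are not real CVE records.
"""
import math
import re
from collections import Counter, defaultdict

# Constructed training set: (description, reference type). Assumption: the type
# labels play the role of the NVD type the abstract compares against.
TRAINING = [
    ("Stack-based buffer overflow in the parser allows remote attackers to execute arbitrary code via a long filename", "buffer_overflow"),
    ("Heap-based buffer overflow in image decoder allows attackers to execute arbitrary code via a crafted file", "buffer_overflow"),
    ("Off-by-one error in the string copy routine allows a buffer overflow via a long argument", "buffer_overflow"),
    ("SQL injection vulnerability in login.php allows remote attackers to execute arbitrary SQL commands via the user parameter", "sql_injection"),
    ("Multiple SQL injection vulnerabilities in the search module allow attackers to execute arbitrary SQL via the query parameter", "sql_injection"),
    ("SQL injection in the admin panel allows attackers to read arbitrary database tables via the id parameter", "sql_injection"),
    ("Cross-site scripting vulnerability in index.php allows remote attackers to inject arbitrary web script or HTML via the name parameter", "xss"),
    ("Multiple cross-site scripting vulnerabilities allow attackers to inject web script via the comment field", "xss"),
    ("Stored cross-site scripting in the profile page allows attackers to inject arbitrary HTML via the bio field", "xss"),
]

# Constructed held-out descriptions with their reference types.
HELD_OUT = [
    ("Buffer overflow in the HTTP server allows remote attackers to execute arbitrary code via a long request header", "buffer_overflow"),
    ("SQL injection vulnerability in the comment form allows remote attackers to execute arbitrary SQL commands via the text parameter", "sql_injection"),
    ("Cross-site scripting vulnerability in the search page allows attackers to inject arbitrary web script via the q parameter", "xss"),
]


def tokenize(text):
    """Lowercase alphabetic tokens; hyphenated terms such as 'cross-site' split into parts."""
    return re.findall(r"[a-z]+", text.lower())


class NaiveBayesCategorizer:
    """Multinomial naive Bayes with Laplace (add-alpha) smoothing.

    The network has one class node (the security type) and one child node per
    token, so P(type | tokens) is proportional to P(type) * product P(token | type).
    """

    def __init__(self, alpha=1.0):
        self.alpha = alpha                  # smoothing pseudo-count (assumption)
        self.class_docs = Counter()         # documents per type
        self.token_counts = defaultdict(Counter)  # token counts per type
        self.vocab = set()

    def fit(self, labeled):
        for text, label in labeled:
            toks = tokenize(text)
            self.class_docs[label] += 1
            self.token_counts[label].update(toks)
            self.vocab.update(toks)
        return self

    def log_posteriors(self, text):
        """Return log P(type | description) for every known type, normalized."""
        n_docs = sum(self.class_docs.values())
        vocab_size = len(self.vocab)
        toks = tokenize(text)
        scores = {}
        for label, n_c in self.class_docs.items():
            counts = self.token_counts[label]
            total = sum(counts.values())
            logp = math.log(n_c / n_docs)   # log prior
            for t in toks:                  # log likelihood, smoothed for unseen tokens
                logp += math.log((counts[t] + self.alpha) / (total + self.alpha * vocab_size))
            scores[label] = logp
        # Normalize in log space (log-sum-exp) so the posteriors sum to one.
        m = max(scores.values())
        log_z = m + math.log(sum(math.exp(s - m) for s in scores.values()))
        return {label: s - log_z for label, s in scores.items()}

    def categorize(self, text):
        """Return (most probable type, its posterior probability)."""
        post = self.log_posteriors(text)
        best = max(post, key=post.get)
        return best, math.exp(post[best])


def agreement_with_reference(model, labeled):
    """Fraction of descriptions whose automatic type equals the reference type.

    This is the check the abstract describes: automatic category versus NVD type.
    """
    hits = sum(1 for text, ref in labeled if model.categorize(text)[0] == ref)
    return hits / len(labeled)


if __name__ == "__main__":
    model = NaiveBayesCategorizer().fit(TRAINING)
    for text, ref in HELD_OUT:
        label, p = model.categorize(text)
        print(f"{label:16s} p={p:.3f} ref={ref:16s} {text[:60]}...")
    print("agreement:", agreement_with_reference(model, HELD_OUT))
```

The posterior returned next to each label is worth keeping: a description whose best type has a low posterior (for instance one that mixes "buffer overflow" with "SQL" tokens) is exactly the case a reviewer should inspect by hand rather than trust the automatic category.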

[1] Hao Wang et al., "Ranking Attacks Based on Vulnerability Analysis," 2010 43rd Hawaii International Conference on System Sciences, 2010.

[2] Jan H. P. Eloff et al., "Harmonising vulnerability categories," South African Computer Journal, 2002.

[3] Melanie Tupper, "A Comparison of Word Frequency and N-Gram Based Vulnerability Categorization Using SOM," 2008.

[4] Nir Friedman et al., "Bayesian Network Classifiers," Machine Learning, 1997.

[5] Hao Wang et al., "Ontology-based security assessment for software products," CSIIRW '09, 2009.

[6] Ju An Wang et al., "An Ontological Approach to Computer System Security," Information Security Journal: A Global Perspective, 2010.

[7] Jan H. P. Eloff et al., "Standardising vulnerability categories," Computers & Security, 2008.

[8] Eugene H. Spafford et al., "Software vulnerability analysis," 1998.

[9] Matt Bishop et al., "A Taxonomy of UNIX System and Network Vulnerabilities," 1997.

[10] Hao Wang et al., "Measuring Similarity for Security Vulnerabilities," 2010 43rd Hawaii International Conference on System Sciences, 2010.