Sciweavers

ISSA
2004

Categorizing Vulnerabilities Using Data Clustering Techniques

13 years 5 months ago
Categorizing Vulnerabilities Using Data Clustering Techniques
Vulnerability scanning is one of the proactive information security technologies in the Internet and network security domain. However, the current vulnerability scanner (VS) products differ extensively in the way that they can detect vulnerabilities, as well as in the number of vulnerabilities that they can detect. Often, VS products also declare their own vendor-specific vulnerability categories, which makes it difficult to study and compare them. Although Common Vulnerabilities and Exposures (CVE) provides a means to solve the disparate vulnerability names used in the different VS products; it does not standardize vulnerability categories. This paper presents a way to categorize the vulnerabilities in the CVE repository and proposes a solution for standardization of the vulnerability categories using a data-clustering algorithm. KEY WORDS Vulnerability, Vulnerability Scanners (VSs), Common Vulnerabilities and Exposures (CVE), Data clustering. 1 This material is based upon work suppo...
Yun (Lillian) Li
Added 31 Oct 2010
Updated 31 Oct 2010
Type Conference
Year 2004
Where ISSA
Authors Yun (Lillian) Li
Comments (0)