Now that multiple known attacks can affect one software product at the same time, it is necessary to rank and prioritize those attacks in order to establish a better defense. The purpose of this paper is to provide a set of security metrics to rank attacks based on vulnerability analysis. The vulnerability information is retrieved from a vulnerability management ontology, which integrates commonly used standards like CVE, CWE, CVSS, and CAPEC. The benefits of ranking attacks through the method proposed here include more effective mitigation or prevention of attack patterns against systems, a better foundation for testing software products, and a better understanding of vulnerabilities and attacks.