As the number of software vulnerabilities grows, research on software vulnerabilities has become a focal point of information security. A vulnerability can be exploited to attack the information asset that carries the underlying weakness. Multiple attacks may, however, target one software product at the same time, so those attacks must be ranked and prioritized in order to establish a better defense. This paper proposes a similarity measurement to compare and categorize vulnerabilities, and a set of security metrics to rank attacks based on vulnerability analysis. The vulnerability information is retrieved from a vulnerability management ontology integrating commonly used standards such as CVE ( http://www.cve.mitre.org/ ), CWE ( http://www.cwe.mitre.org/ ), CVSS ( http://www.first.org/cvss/ ), and CAPEC ( http://www.capec.mitre.org/ ). This approach can be applied in many areas of vulnerability management to secure information systems and e-business, such as vulnerability classification, mitigation and patching, threat detection, and attack prevention.