Franqueira, Virginia Nunes Leal and van Keulen, Maurice (2008) Analysis of the NIST database towards the composition of vulnerabilities in attack scenarios. Project Report. Centre for Telematics and Information Technology, University of Twente, Enschede.
- Published Version
The composition of vulnerabilities in attack scenarios has been traditionally performed based on detailed pre- and post-conditions. Although very precise, this approach is dependent on human analysis, is time consuming, and not at all scalable. We investigate the NIST National Vulnerability Database (NVD) with three goals: (i) understand the associations among vulnerability attributes related to impact, exploitability, privilege, type of vulnerability and clues derived from plaintext descriptions, (ii) validate our initial composition model which is based on required access and resulting effect, and (iii) investigate the maturity of XML database technology for performing statistical analyses like this directly on the XML data. In this report, we analyse 27,273 vulnerability entries (CVE 1) from the NVD. Using only nominal information, we are able to e.g. identify clusters in the class of vulnerabilities with no privilege which represent 52% of the entries.
|Item Type:||Monograph (Project Report)|
|Subjects:||Q Science > Q Science (General)|
Q Science > QA Mathematics > QA75 Electronic computers. Computer science
|Schools:||College of Science and Technology > School of Physical Sciences and Computing|
|Deposited By:||Carmit Erez|
|Deposited On:||01 Nov 2012 16:36|
|Last Modified:||06 Mar 2014 14:44|
Downloads per month over past year
Downloads for past 30 days
Repository Staff Only: item control page