Title :
Measuring Similarity for Security Vulnerabilities
Author :
Wang, Ju An ; Zhou, Linfeng ; Guo, Minzhe ; Wang, Hao ; Camargo, Jairo
Abstract :
As the number of software vulnerabilities increases year by year, software vulnerability becomes a focusing point in information security. This paper proposes a vulnerability similarity measurement to compare different vulnerabilities according to a set of criteria. Our approach is based on the structural hierarchy of vulnerabilities, and the similarity is defined using established mathematical models. The National Vulnerability Database and the Ontology of Vulnerability Management provide the information necessary for the similarity calculation. The similarity measurement can be used in many areas of vulnerability management, such as vulnerability classification, mitigation, and patching.
Keywords :
security of data; software engineering; information security; mathematical models; national vulnerability database; security vulnerabilities; similarity calculation; similarity measurement; software vulnerabilities; vulnerabilities structural hierarchy; vulnerability classification; vulnerability management ontology; vulnerability mitigation; vulnerability patching; vulnerability similarity measurement; Conference management; Data security; Databases; Information retrieval; Information security; Knowledge management; Mathematical model; National security; Ontologies; Software measurement;
Conference_Titel :
System Sciences (HICSS), 2010 43rd Hawaii International Conference on
Conference_Location :
Honolulu, HI
Print_ISBN :
978-1-4244-5509-6
Electronic_ISBN :
1530-1605
DOI :
10.1109/HICSS.2010.269
