Fuzzy Heuristic Design for Diagnosis of Web-Based Vulnerabilities

Author

Subramanian, Deepak ; Le, Ha Thanh ; Loh, Peter Kok Keong

Author_Institution

Sch. of Comput. Eng., Nanyang Technol. Univ., Singapore

fYear

2009

fDate

24-28 May 2009

Firstpage

103

Lastpage

108

Abstract

The common vulnerability scoring system (CVSS) provides an open, standardized method for rating vulnerabilities. CVSS provides base-level metrics for vulnerability classification that can be used with other strategies such as intrusion detection classification to form a complete diagnostic system. This emphasizes focus on defining and representing the various strategies that can be employed to provide a formal and more practical approach to vulnerabilities assessment. The various parameters that are defined have been derived from a set of five assertions and the initial fuzzy scanner metrics (the pre-defined scanner parameters). The fuzziness of the scanner metrics allows for a greater manipulation of results before a complete diagnosis can be presented. The confidence reports (1st and 2nd degree) could be used to provide information aiding the initiation of suitable steps to be taken.

Keywords

Internet; fuzzy set theory; Web-based vulnerability; base-level metrics; common vulnerability scoring system; fuzzy heuristic design; fuzzy scanner metrics; Application software; Computerized monitoring; Databases; Design engineering; Fuzzy sets; Fuzzy systems; Internet; Intrusion detection; Protection; Standardization;

fLanguage

English

Publisher

ieee

Conference_Titel

Internet Monitoring and Protection, 2009. ICIMP '09. Fourth International Conference on

Conference_Location

Venice/Mestre

Print_ISBN

978-1-4244-3839-6

Electronic_ISBN

978-0-7695-3612-5

Type

conf

DOI

10.1109/ICIMP.2009.25

Filename

5076357