Analysis of the NIST database towards the composition of vulnerabilities in attack scenarios

Share/Save/Bookmark

Nunes Leal Franqueira, V. and van Keulen, M. (2008) Analysis of the NIST database towards the composition of vulnerabilities in attack scenarios. [Report]

[img]
Preview
PDF
782Kb
Abstract:The composition of vulnerabilities in attack scenarios has
been traditionally performed based on detailed pre- and post-conditions.
Although very precise, this approach is dependent on human analysis, is
time consuming, and not at all scalable. We investigate the NIST National
Vulnerability Database (NVD) with three goals: (i) understand
the associations among vulnerability attributes related to impact, exploitability,
privilege, type of vulnerability and clues derived from plaintext
descriptions, (ii) validate our initial composition model which is
based on required access and resulting effect, and (iii) investigate the
maturity of XML database technology for performing statistical analyses
like this directly on the XML data. In this report, we analyse 27,273
vulnerability entries (CVE [1]) from the NVD. Using only nominal information,
we are able to e.g. identify clusters in the class of vulnerabilities
with no privilege which represent 52% of the entries.
Item Type:Report
Faculty:
Electrical Engineering, Mathematics and Computer Science (EEMCS)
Research Group:
Link to this item:http://purl.utwente.nl/publications/64664
Export this item as:BibTeX
EndNote
HTML Citation
Reference Manager

 

Repository Staff Only: item control page

Metis ID: 250896