EEMCS

Home > Publications
Home University of Twente
Education
Research
Prospective Students
Jobs
Publications
Intranet (internal)
 
 Nederlands
 Contact
 Search
 Organisation

EEMCS EPrints Service


12061 Analysis of the NIST database towards the composition of vulnerabilities in attack scenarios
Home Policy Brochure Browse Search User Area Contact Help

Nunes Leal Franqueira, V. and van Keulen, M. (2008) Analysis of the NIST database towards the composition of vulnerabilities in attack scenarios. Technical Report TR-CTIT-08-08, Centre for Telematics and Information Technology University of Twente, Enschede. ISSN 1381-3625

Full text available as:

PDF

783 Kb
Open Access


Exported to Metis

Abstract

The composition of vulnerabilities in attack scenarios has
been traditionally performed based on detailed pre- and post-conditions.
Although very precise, this approach is dependent on human analysis, is
time consuming, and not at all scalable. We investigate the NIST National
Vulnerability Database (NVD) with three goals: (i) understand
the associations among vulnerability attributes related to impact, exploitability,
privilege, type of vulnerability and clues derived from plaintext
descriptions, (ii) validate our initial composition model which is
based on required access and resulting effect, and (iii) investigate the
maturity of XML database technology for performing statistical analyses
like this directly on the XML data. In this report, we analyse 27,273
vulnerability entries (CVE [1]) from the NVD. Using only nominal information,
we are able to e.g. identify clusters in the class of vulnerabilities
with no privilege which represent 52% of the entries.

Item Type:Internal Report (Technical Report)
Research Group:EWI-IS: Information Systems, EWI-DB: Databases
Research Program:CTIT-ISTRICE: Integrated Security and Privacy in a Networked World, CTIT-NICE: Natural Interaction in Computer-mediated Environments
Research Project:IPID: Integrated Policy-based Intrusion Detection, MultimediaN/N3: Multimedia databases
ID Code:12061
Deposited On:04 March 2008
More Information:statisticsmetis

Export this item as:

To correct this item please ask your editor

Repository Staff Only: edit this item