Trend Analysis of the CVE Classes Across CVSS Metrics

Bindu Dodiya; Umesh Kumar Singh; Vivaan Gupta

Call for Paper

January Edition

IJCA solicits high quality original research papers for the upcoming January edition of the journal. The last date of research paper submission is 20 December 2024

Submit your paper

Know more

The week's pick

Improved Shuffled Frog Leaping Algorithm with Self-Adaptive Shuffling for Fuzzy Logic PD+G Controller Optimization in Robotic Manipulators

Duc Hoang Nguyen

Random Articles

Application of Stochastic Gradient Kernel in Watershed Segmentation to be used in Noisy Environment

July

2013

Performance Evaluation of Weighted Round Robin Grid Scheduling

April

2013

Development of an Efficient Face Recognition System based on Linear and Nonlinear Algorithms

January

2016

Secure AODV using Symmetric Key Cryptography with Cyclic Chain Hash Function (CCHF)

June

2012

Reseach Article

Trend Analysis of the CVE Classes Across CVSS Metrics

by Bindu Dodiya, Umesh Kumar Singh, Vivaan Gupta

International Journal of Computer Applications

Foundation of Computer Science (FCS), NY, USA

Volume 183 - Number 33

Year of Publication: 2021

Authors: Bindu Dodiya, Umesh Kumar Singh, Vivaan Gupta

10.5120/ijca2021921718

Bindu Dodiya, Umesh Kumar Singh, Vivaan Gupta . Trend Analysis of the CVE Classes Across CVSS Metrics. International Journal of Computer Applications. 183, 33 ( Oct 2021), 23-30. DOI=10.5120/ijca2021921718

@article{ 10.5120/ijca2021921718,

author = { Bindu Dodiya, Umesh Kumar Singh, Vivaan Gupta },

title = { Trend Analysis of the CVE Classes Across CVSS Metrics },

journal = { International Journal of Computer Applications },

issue_date = { Oct 2021 },

volume = { 183 },

number = { 33 },

month = { Oct },

year = { 2021 },

issn = { 0975-8887 },

pages = { 23-30 },

numpages = {9},

url = { https://ijcaonline.org/archives/volume183/number33/32145-2021921718/ },

doi = { 10.5120/ijca2021921718 },

publisher = {Foundation of Computer Science (FCS), NY, USA},

address = {New York, USA}

}

%0 Journal Article

%1 2024-02-07T01:18:37.473736+05:30

%A Bindu Dodiya

%A Umesh Kumar Singh

%A Vivaan Gupta

%T Trend Analysis of the CVE Classes Across CVSS Metrics

%J International Journal of Computer Applications

%@ 0975-8887

%V 183

%N 33

%P 23-30

%D 2021

%I Foundation of Computer Science (FCS), NY, USA

Abstract

Understanding vulnerability trends is important for risk management process.. Understanding trends helps in early detection of problems and also in planning defense mechanisms. In this paper analysis of the trends of Common Vulnerabilities and Exposures (CVE) from the National Vulnerability Database (NVD) for 2005 to 2020 has presented. 136566 CVEs has been extracted for sixteen years, also their Common Vulnerability Scoring System (CVSS) scores has been collected from the NVD, then analysis of severity, and CVSS base metrics trends ,and trends for classified vulnerability data has been done . Such analysis of vulnerability data according to their type, CIA impact, access vector and access complexity helpful in identifying most critical class of vulnerability relative to system environment and improve risk mitigation process.

References

G Stoneburner, A Goguen, and A Feringa, “Risk Management Guide for Information Technology Systems”, NIST Special Publication 800- 30, July 2002, Available: http://csrc.nist.gov/publi cations/nistpubs/800-30/sp800-30.pdf
Richard Kuhn, M S Raunak and Raghu Kacker” An Analysis of Vulnerability Trends, 2008 – 2016”, Proceedings, Software Quality, Reliability and Security (QRS-C), 2017 IEEE International Conference on (pp. 587-588).
R. Kuhn and Chris Johnson, “Vulnerability Trends: Measuring Progress”, IT Professional, 2010, pp. 51-53.
National Vulnerability Database, http://nvd.nist.gov.
Common Vulnerabilities and Exposures. [Online]. Available:http://cve.mitre.org
Common Weakness Enumeration. [Online]. Available: http://cwe.mitre.org
“NVD Common Vulnerability Scoring System Support v2”, National Vulnerability Database, Available:https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?version=3
R. Gopalakrishna, E. Spafford and J. Vitek, “A Trend Analysis of Vulnerabilities”, CERIAS TR 2005-06, 2005.
Tim Shimeall and Phil Williams, “Models of Information Security Trend Analysis”, Available at http://www.cert.org/archive/pdf/info-security.pdf.
Tripathi, A. Singh, U.K., “ Analyzing Trends in Vulnerability Classes across CVSS Metrics”, International Journal of Computer Applications (0975 – 8887) Volume 36– No.3, December 2011.

Index Terms

Computer Science

Information Sciences

Keywords

Vulnerability Trend analysis CVSS metrics CWE NVD.