CFP last date
20 January 2025
Reseach Article

Analyzing Trends in Vulnerability Classes across CVSS Metrics

by Anshu Tripathi, Umesh Kumar Singh
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 36 - Number 3
Year of Publication: 2011
Authors: Anshu Tripathi, Umesh Kumar Singh
10.5120/4474-6282

Anshu Tripathi, Umesh Kumar Singh . Analyzing Trends in Vulnerability Classes across CVSS Metrics. International Journal of Computer Applications. 36, 3 ( December 2011), 38-44. DOI=10.5120/4474-6282

@article{ 10.5120/4474-6282,
author = { Anshu Tripathi, Umesh Kumar Singh },
title = { Analyzing Trends in Vulnerability Classes across CVSS Metrics },
journal = { International Journal of Computer Applications },
issue_date = { December 2011 },
volume = { 36 },
number = { 3 },
month = { December },
year = { 2011 },
issn = { 0975-8887 },
pages = { 38-44 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume36/number3/4474-6282/ },
doi = { 10.5120/4474-6282 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-06T20:22:13.681333+05:30
%A Anshu Tripathi
%A Umesh Kumar Singh
%T Analyzing Trends in Vulnerability Classes across CVSS Metrics
%J International Journal of Computer Applications
%@ 0975-8887
%V 36
%N 3
%P 38-44
%D 2011
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Rising vulnerability statistics demands multidimensional trend analysis for efficient threat mitigation. Understanding trends aids in early detection of problems and also in planning defense mechanisms. In this regard, this paper presents fine-grained trend analysis on classified vulnerability data provided by NVD, across six CVSS base metrics. Such analysis of vulnerability data according to their type, CIA impact, access vector and access complexity helpful in identifying most critical class of vulnerability relative to system environment and improve risk mitigation process.

References
  1. R. Kuhn, H. Rossman and S. Liu, “Introducing Insecure IT”, IT Professional, Jan/Feb 2009, pp. 24-26.
  2. NHS and NIST, National Vulnerability Database (NVD), automating vulnerability management, security Measurement, and compliance checking, http://nvd.nist.gov/scap.cfm , (Accessed on 15-06-2011).
  3. Tim Shimeall and Phil Williams, “Models of Information Security Trend Analysis”, Available at http://www.cert.org/archive/pdf/info-security.pdf.
  4. R. Gopalakrishna, E. Spafford and J. Vitek, “A Trend Analysis of Vulnerabilities”, CERIAS TR 2005-06, 2005.
  5. Tripathi, A. Singh, U.K., “Taxonomic Analysis of Classification Schemes in Vulnerability Databases” (Communicated)
  6. Common Vulnerabilities and Exposures. [Online]. Available:http://cve.mitre.org (Accessed on 15-06-2011)
  7. Common Weakness Enumeration. [Online]. Available: http://cwe.mitre.org (Accessed on 15-06-2011)
  8. Zhongqiang Chen, Yuan Zhang, Zhongrong Chen, “A Categorization Framework for Commom Vulnerabilities and Exposures.” In the computer Journal Advance Access published online on May 7, 2009, http://comjnl.oxfordjournals.org,doilO.1093/comjnl/bxp040
  9. R. Kuhn and Chris Johnson, “Vulnerability Trends: Measuring Progress”, IT Professional, 2010, pp. 51-53.
Index Terms

Computer Science
Information Sciences

Keywords

Vulnerability Trend analysis CVSS metrics CWE NVD