Abstract
The National Vulnerability Database (NVD) provides publicly known security vulnerabilities, called Common Vulnerabilities and Exposures (CVE). There are a number of CVE entries, although some of them do not provide sufficient information, such as the vulnerability type. In this paper, we propose a method for classifying CVE entries by vulnerability type using a naïve Bayes classifier. The classification ability of the method is evaluated on a set of testing data. With this method, we can analyze CVE entries that are not yet classified, as well as uncategorized vulnerability documents.
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Na, S., Kim, T., Kim, H. (2017). A Study on the Classification of Common Vulnerabilities and Exposures using Naïve Bayes. In: Barolli, L., Xhafa, F., Yim, K. (eds) Advances on Broad-Band Wireless Computing, Communication and Applications. BWCCA 2016. Lecture Notes on Data Engineering and Communications Technologies, vol 2. Springer, Cham. https://doi.org/10.1007/978-3-319-49106-6_65
DOI: https://doi.org/10.1007/978-3-319-49106-6_65
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-49105-9
Online ISBN: 978-3-319-49106-6
eBook Packages: Engineering, Engineering (R0)