Skip to main content
Springer Nature Link
Log in

An Improved Common Vulnerability Scoring System Based on K-means

  • Conference paper
  • First Online:
Trustworthy Computing and Services (ISCTCS 2013)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 426))

Included in the following conference series:

  • 1289 Accesses

Abstract

To objectively divide the level of vulnerability severity in Common Vulnerability Scoring System (CVSS), this paper provides a method based on k-means clustering algorithm to improve CVSS and makes it more convictive to evaluate vulnerability. A lot of data as sample are achieved by scoring the severity of the known vulnerabilities according to CVSS, and then these data can be processed by k-means. At last we objectively obtain the ranges of CVSS scores corresponding to every vulnerability severity level, and the results are in keeping with CVSS system basically. So that the proposed method can determine the severity level of a new vulnerability according to the divided scope of CVSS scores objectively.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Threat and risk assessment working guide. http://www.docin.com/p-105716229.html

  2. Security bulletin severity rating system. http://technet.microsoft.com/en-us/security/gg309177.aspx

  3. Vulnerability notes database field description. http://www.kb.cert.org/vuls/html/fieldhelp

  4. Yang, H., Xie, L., Zhu, D.: A vulnerability severity grey hierarchy analytic evaluation model. J. Univ. Electron. Sci. Technol. China 39, 777–782 (2010)

    Google Scholar 

  5. Zhang, Y., Yun, X., Hu, M.: Research on privilege-escalating based vulnerability taxonomy with multidimensional quantitative attribute. J. China Inst. Commun. 25, 107–114 (2004)

    Google Scholar 

  6. Shao, F., Yu, Z.: Principle and Algorithm of Data Mining. China WaterPower Press, Beijing (2003)

    Google Scholar 

  7. K-meansclustering algorithm. http://www.cnblogs.com/jerrylead/archive/2011/04/06/2006910.html

  8. A complete guide to the common vulnerability scoring system version 2.0. http://www.first.org/cvss/cvss-guide.html

  9. Wang, R.: Research on techniques of vulnerability detection and security evaluation based on correlation analysis. Northwest University, pp. 31–34 (2012)

    Google Scholar 

  10. Common vulnerability and exposures. http://cve.mitre.org/

  11. National vulnerability database home. http://nvd.nist.gov/

Download references

Acknowledgements

This work is supported by the Hi-Tech Research and Development Program of China under Grant Nos. 2012AA01A404, 2012AA012506, 2012AA01A401, 2012AA012901.

Author information

Authors and Affiliations

  1. Key Laboratory of Trustworthy Distributed Computing and Service (BUPT), Ministry of Education, Beijing, China

    Pingping Liu, Xu Wu & Wei Liu

  2. School of Computer Science, Beijing University of Posts and Telecommunications, Beijing, China

    Pingping Liu, Xu Wu & Wei Liu

  3. School of Computer Science and Technology, Harbin Institute of Technology, Haerbin, 150001, China

    Zhihong Tian

  4. Beijing HIT Computer Network and Information Security Technology Research Center, Beijing, China

    Zhihong Tian

  5. Beijing University of Posts and Telecommunications Library, Beijing, China

    Xu Wu

Authors
  1. Pingping Liu
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Zhihong Tian
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Xu Wu
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Wei Liu
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Pingping Liu .

Editor information

Editors and Affiliations

  1. Beijing University of Posts and Telecommunications, Beijing, China

    Yuyu Yuan

  2. Beijing University of Posts and Telecommunications, Beijing, China

    Xu Wu

  3. Beijing University of Posts and Telecommunications, Beijing, China

    Yueming Lu

Rights and permissions

Reprints and permissions

Copyright information

© 2014 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Liu, P., Tian, Z., Wu, X., Liu, W. (2014). An Improved Common Vulnerability Scoring System Based on K-means. In: Yuan, Y., Wu, X., Lu, Y. (eds) Trustworthy Computing and Services. ISCTCS 2013. Communications in Computer and Information Science, vol 426. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-43908-1_8

Download citation

  • DOI: https://doi.org/10.1007/978-3-662-43908-1_8

  • Published:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-662-43907-4

  • Online ISBN: 978-3-662-43908-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics