The Computer Journal

The Computer Journal Advance Access published online on May 7, 2009
The Computer Journal, doi:10.1093/comjnl/bxp040

This Article Full Text (PDF) Alert me when this article is cited Alert me if a correction is posted Services Email this article to a friend Similar articles in this journal Alert me to new issues of the journal Add to My Personal Archive Download to citation manager Request Permissions Google Scholar Articles by Chen, Z. Articles by Chen, Z. Search for Related Content Social Bookmarking          What's this?

© The Author 2009. Published by Oxford University Press on behalf of The British Computer Society. All rights reserved. For Permissions, please email: journals.permissions@oxfordjournals.org

A Categorization Framework for Common Computer Vulnerabilities and Exposures

Zhongqiang Chen^1,*, Yuan Zhang² and Zhongrong Chen³

¹ Yahoo! Inc., Santa Clara, CA 95054, USA
² Florida State University, Tallahassee, FL 32306, USA
³ ProMetrics Inc., King of Prussia, PA 19406, USA

^* Corresponding author: zqchen{at}yahoo-inc.com

Received 16 September 2008; revised 26 January 2009

The dictionary of common vulnerabilities and exposures (CVEs) is a compilation of known security loopholes whose objective is to both facilitate the exchange of security-related information and expedite vulnerability analysis of computer systems. Its lack of categorization and generalization capability renders the dictionary ineffective when it comes to developing defense strategies for clustered vulnerabilities instead of individual exploits. To address this issue, we propose a CVE categorization framework termed CVE Classifier that transforms the dictionary into a classifier that not only categorizes CVEs with respect to diverse taxonomic features but can also evaluate general trends in the evolution of vulnerabilities. With the help of support vector machines, CVE Classifier builds learning models for taxonomic features based on training data automatically extracted from pertinent vulnerability databases including BID, X-Force and Secunia, and CVE entries containing telltale keywords unique to taxonomic features. We use word-stemming and stopword-removal techniques to reduce the dimensions of the feature space formed by CVEs and develop a data fusion and cleansing process to eliminate data inconsistencies to improve classification performance. The CVE classification produced by the proposed framework reveals that the majority of the Internet security loopholes are harbored by a small set of services. Moreover, it becomes evident that the widespread deployment of security devices provides many additional attack points as such devices demonstrate a great mount of vulnerabilities. Finally, the CVE Classifier points out that remotely exploitable security loopholes continue to dominate the CVEs landscape.

Key Words: common vulnerabilities and exposures (CVEs) • taxonomic features and categorization • support vector machine (SVM) • classification accuracy and F-measure

---

Handling editors: Ethem Alpaydin, Alison Bentley and Florence Leroy

CiteULike    Connotea    Del.icio.us    What's this?

Online ISSN 1460-2067 - Print ISSN 0010-4620

Copyright © 2009 British Computer Society

Oxford Journals Oxford University Press

• Site Map
• Privacy Policy
• Frequently Asked Questions

Other Oxford University Press sites: Oxford University Press Oxford Journals China Oxford Journals Japan American National Biography Booksellers' Information Service Children's Fiction and Poetry Children's Reference Corporate & Special Sales Dictionaries Dictionary of National Biography Digital Reference English Language Teaching Higher Education Textbooks Humanities International Education Unit Law Medicine Music Online Products Oxford English Dictionary Reference Rights and Permissions Science School Books Social Sciences Very Short Introductions World's Classics