Abstract
In this paper we introduce an objective method for CVSS score calculation. CVSS is a well known and mostly used method for giving priority to software vulnerabilities. Currently it is being calculated by some slightly subjective methods which require enough skill and knowledge. This research shows how we can benefit from natural language description of vulnerabilities for CVSS calculation. The data that were used for implementation and evaluation of the proposed models consists of the available CVE vulnerability descriptions and their corresponding CVSS scores from the OSVDB database. First, feature vectors were extracted using text mining tools and techniques, and then the SVM and Random-Forest algorithms as well as fuzzy systems were examined to predict the concerned CVSS scores. In spite of the fact that SVM and Random-Forest are mostly used and trusted methods in prediction, results of this research bear a witness that using fuzzy systems can give comparable and even better results. In addition, implementation of the fuzzy based system is much easier and faster. Although so far, there have been so little efforts in using the information embedded in textual materials regarding vulnerabilities, this research shows that it will be valuable to utilize them in systems security establishment.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
