Abstract

Each vulnerability scanner (VS) represents, identifies and classifies vulnerabilities in its own way, thus making the different scanners difficult to study and compare. Despite numerous efforts by researchers and organisations to solve the disparity in vulnerability names used in the different VSs, vulnerability categories have still not been standardised. This paper highlights the importance of having a standard vulnerability category set. It also outlines an approach towards achieving this goal by generating a standard set of vulnerability categories. A data-clustering algorithm that employs artificial intelligence is used for this purpose. The significance of this research results from having an intelligent technique that aids in the generation of standardised vulnerability categories in a relatively fast way. In addition, the technique is generic in the sense that it allows one to accommodate any VS currently known on the market to create such vulnerability categories. Another benefit is that the approach followed in this paper allows one to also compare various VSs currently available on the market. A prototype is presented to verify the concept.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.