Abstract

This study presents a new approach to calculations within the Common Vulnerability Scoring System, which scores the effects of software vulnerabilities on security status. These calculations are the most commonly used method for scoring software vulnerabilities. The present model demonstrates how software security vulnerabilities can be calculated using linguistic terms. Therefore, the proposed method has a more flexible structure than the Common Vulnerability Scoring System. The current Common Vulnerability Scoring System formula and scores were used to assess and implement the presented model. The aim was to form a fuzzy model, called the Fuzzy Common Vulnerability Scoring System, based on success probabilities that are defined using linguistic terms such as low, very low or high. Moreover, the Fuzzy Logistic Regression (FLR) method was used to define the relationship between the exact inputs and fuzzy multiple outputs, and the Least Squares Method was used to estimate the parameters of the presented model. The performance of the model was evaluated by a comparison using Mean Squared Error (MSE), Mean Absolute Error (MAE), and Kim and Bishu’s criterion. The validity of the fuzzy regression model is demonstrated with different fitness functions. The expectation was that more practical estimations with better error tolerance could be achieved by using linguistic terms to assess common vulnerabilities.
