Ranking attacks based on vulnerability analysis

Proceedings of the Annual Hawaii International Conference on System Sciences

Volumn , Issue , 2010, Pages

  Wang, Ju An ^a   Wang, Hao ^a   Guo, Minzhe ^a   Zhou, Linfeng ^a   Camargo, Jairo ^a  

^a SOUTHERN POLYTECHNIC STATE UNIVERSITY   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

ATTACK PATTERNS; SECURITY METRICS; SOFTWARE PRODUCTS; VULNERABILITY ANALYSIS; VULNERABILITY MANAGEMENT;

COMPUTER SOFTWARE; ONTOLOGY;

SECURITY OF DATA;

EID: 77951716672     PISSN: 15301605     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/HICSS.2010.313     Document Type: Conference Paper

References (19)

1. M. Gegick et al. Ranking Attack-prone Components with a Predictive Model Ranking Attack-prone Components with a Predictive Model: proceedings of the 19th International Symposium on Software Reliability Engineering, 2008.
2. M. Gegick et al. Prioritizing Software Security Fortification through Code-Level Security Metrics: proceedings of the 4th ACM Workshop on Quality of Protection, 2008.
3. V. Mehta et al. Ranking Attack Graphs: proceedings of Recent Advances in Intrusion Detection, 2006.
4. S. Neuhaus et al. Predicting Vulnerable Software Components, CCS'07: proceedings of the 14th ACM Conference on Computer and Communications Security, 2007.
5. Vamosi, R. 2007. Popular add-ons to Firefox are the latest criminal attack vector. CNET.com. http://news.cnet.com/8301-10784-3-9723824-7.html, accessed on August, 2009
6. J. A. Wang, M. Guo. An Ontology for Vulnerability Management: proceedings of CSIIRW'09, April 13-15, 2009, Oak Ridge, TN, USA.
7. J. A. Wang et al. Ontology-based Security Assessment for Software Products: Proceedings of CSIIRW'09, April 13-15, 2009, Oak Ridge, Tennessee, USA.
8. J. Whittaker, H. Thompson. How to Break Software Security, Jun, 2003.
9. Common Vulnerabilities and Exposures (CVE), the MITRE Corporation. http://cve.mitre.org/
10. Common Platform Enumeration (CPE), the MITRE Corporation. http://cpe.mitre.org/, accessed on May, 2009.
11. Common Weakness Enumeration (CWE), the MITRE Corporation. http://cwe.mitre.org/, accessed on May, 2009.
12. Common Vulnerability Scoring System (CVSS), the MITRE Corporation. http://www.first.org/cvss/, accessed on May, 2009
13. Common Attack Pattern Enumeration and Classification (CAPEC), the MITRE Corporation. http://capec.mitre.org/, accessed on May, 2009.
14. Common Weakness Enumeration (CWE), the MITRE Corporation. Top 25 Most Dangerous Programming Errors. http://cwe.mitre.org/, revised on August, 2009
15. NIST, Information Security Automation Program (ISAP), Automating Vulnerability Management, Security Measurement, and Compliance, Version 1.0 Beta, revised on May 22, 2007.
16. SANS Institute, SANS Top-20 2007 Security Risks, Version 8.0, November 28, 2007. Web Page: http://www.sans.org/top20/, accessed on May, 2009.
17. NHS and NIST, National Vulnerability Database (NVD), automating vulnerability management, security measurement, and compliance checking, http://nvd.nist.gov/scap.cfm, accessed on May, 2009
18. CERT, Computer Emergency Response Team at Carnegie Mellon University's Software Engineering Institute. http://www.cert.org/stats/
19. Spybot - Search & Destroy (S&D) forum. http://forums.spybot.info/ blog.php?b=5, accessed on August, 2009.