A Method for Vulnerability Database Quantitative Evaluation 被引量：1

下载PDF

导出

摘要 During system development,implementation and operation,vulnerability database technique is necessary to system security;there are many vulnerability databases but a lack of quality standardization and general evaluation method are needed.this paper summarized current international popular vulnerability databases,systematically introduced the present situation of current vulnerability databases,and found the problems of vulnerability database technology,extracted common metrics by analyzing vulnerability data of current popular vulnerability databases,introduced 4 measure indexes:the number scale of vulnerabilities,the independence level,the standardization degree and the integrity of vulnerability description,proposed a method for vulnerability database quantitative evaluation using SCAP protocol and corresponding standard,analyzed a large number of vulnerabilities in current popular vulnerability database,quantitative evaluated vulnerability database by the law of normal distribution,the experimental results show this method has strong versatility and science,and it is beneficial to improve the quality and standardization construction for vulnerability database development.

作者 Tiantian Tan Baosheng Wang Yong Tang Xu Zhou Jingwen Han

机构地区 National University of Defense Technology University of British Columbia

出处《Computers, Materials & Continua》 SCIE EI 2019年第9期1129-1144,共16页 计算机、材料和连续体（英文）

基金 This work is supported by the National Key R&D Program of China under Grants 2017YFB 0802300 The National Natural Science Fund(No.0901065614001).

关键词 Vulnerability management vulnerability database quantitative evaluation

分类号 TP3 [自动化与计算机技术—计算机科学与技术]

引文网络
相关文献

参考文献4

1刘运,蔡志平,钟平,殷建平,程杰仁.基于条件随机场的DDoS攻击检测方法[J].软件学报,2011,22(8):1897-1910. 被引量：14
2欧鑫凤,胡铭曾,张涛,张永铮.弱点数据库的建构及其应用研究[J].计算机应用研究,2007,24(3):213-214. 被引量：3
3杨刚,温涛,张玉清.Android漏洞库的设计与实现[J].信息网络安全,2015(9):240-244. 被引量：6
4张玉清,吴舒平,刘奇旭,梁芳芳.国家安全漏洞库的设计与实现[J].通信学报,2011,32(6):93-100. 被引量：24

二级参考文献42

1张永铮,云晓春,胡铭曾.基于特权提升的多维量化属性弱点分类法的研究[J].通信学报,2004,25(7):107-114. 被引量：35
2杨洪路,刘海燕,贺振中.脆弱性数据库系统的设计及构建[J].计算机工程,2004,30(9):195-196. 被引量：3
3徐明,陈纯,应晶.一个两层马尔可夫链异常入侵检测模型(英文)[J].软件学报,2005,16(2):276-285. 被引量：7
4孙钦东,张德运,高鹏.基于时间序列分析的分布式拒绝服务攻击检测[J].计算机学报,2005,28(5):767-773. 被引量：55
5周东清,张海锋,张绍武,胡祥培.基于HMM的分布式拒绝服务攻击检测方法[J].计算机研究与发展,2005,42(9):1594-1599. 被引量：15
6王晓甜,张玉清.安全漏洞自动收集系统的设计与实现[J].计算机工程,2006,32(20):177-179. 被引量：10
7National vulnerability database[EB/OL], http://nvd.nisLgov/. 被引量：1
8Sccurityfoucs[EB/OL]. http://www.sccurityfocus.com/bid/. 被引量：1
9IBM ISS X-force[EB/OL]. http://xforce.iss.netL. 被引量：1
10Socunia[EB/OL]. http://secunia.com/. 被引量：1

共引文献41

1刘奇旭,张翀斌,张玉清,张宝峰.安全漏洞等级划分关键技术研究[J].通信学报,2012,33(S1):79-87. 被引量：36
2李迎涛,马春光,付韬.网络安全中的积极防御探讨[J].保密科学技术,2012,0(8):61-65.
3熊伟.基于网络流量的入侵检测研究[J].福建电脑,2012,28(2):13-14.
4熊伟.基于小波的网络流量异常协同相变检测[J].计算机应用,2012,32(8):2271-2274. 被引量：1
5于明,王东菊.TCP DDoS攻击流的源端网络可检测性分析[J].山东大学学报（理学版）,2012,47(11):50-53. 被引量：2
6廖晓锋,王永吉,范修斌,吴敬征.基于LDA主题模型的安全漏洞分类[J].清华大学学报（自然科学版）,2012,52(10):1351-1355. 被引量：11
7王新生,张锦平.基于小波分析与信息熵的DDoS攻击检测算法[J].计算机应用与软件,2013,30(6):307-311. 被引量：6
8赵小欢,夏靖波,郭威武,杜华桦.基于多维信息熵值的DDoS攻击检测方法[J].空军工程大学学报（自然科学版）,2013,14(3):58-62. 被引量：4
9陈世文,邬江兴,黄万伟.融合规则的条件随机场DDoS攻击检测方法[J].计算机工程与应用,2013,49(17):9-11. 被引量：1
10张昊星,孙应飞.通用Web漏洞库[J].计算机系统应用,2013,22(11):62-69. 被引量：4

同被引文献11

1吴舒平,张玉清.漏洞库发展现状的研究及启示[J].计算机安全,2010(11):82-84. 被引量：10
2张玉清,吴舒平,刘奇旭,梁芳芳.国家安全漏洞库的设计与实现[J].通信学报,2011,32(6):93-100. 被引量：24
3刘奇旭,张玉清,宫亚峰,王宏.安全漏洞标识与描述规范的研究[J].信息网络安全,2011(7):4-6. 被引量：6
4高建波,张保稳,陈晓桦,罗铮.Ontology-Based Model of Network and Computer Attacks for Security Assessment[J].Journal of Shanghai Jiaotong university(Science),2013,18(5):554-562. 被引量：3
5KOU Guang,WANG Shuo,TANG Guangming.Research on Key Technologies of Network Security Situational Awareness for Attack Tracking Prediction[J].Chinese Journal of Electronics,2019,28(1):162-171. 被引量：8
6Xin-Li Yang,David Lo,Xin Xia,Qiao Huang,Jian-Ling Sun.High-Impact Bug Report Identification with Imbalanced Learning Strategies[J].Journal of Computer Science & Technology,2017,32(1):181-198. 被引量：6
7杨刚.漏洞库现状分析及质量评价[J].电信网技术,2018(2):6-15. 被引量：3
8Yan Jia,Yulu Qi,Huaijun Shang,Rong Jiang,Aiping Li.A Practical Approach to Constructing a Knowledge Graph for Cybersecurity[J].Engineering,2018,4(1):53-60. 被引量：33
9张一帆,汤恩义,苏琰梓,杨开懋,匡宏宇,陈鑫.自然语言数据驱动的智能化软件安全评估方法[J].软件学报,2018,29(8):2336-2349. 被引量：3
10贾培养,孙鸿宇,曹婉莹,伍高飞,王文杰.开源软件漏洞库综述[J].信息安全研究,2021,7(6):566-574. 被引量：10

引证文献1

1曹旭栋,黄在起,陈禹劼,王文杰,史慧洋,李书豪,张玉清.安全漏洞库构建及应用研究综述[J].计算机学报,2024,47(5):1082-1119.

1Nora Munguia,Luis Velazquez,Rafael Perez,Daniel Rincón,Martha Marin,Biagio F. Giannetti,Cecília M. V. B. Almeida,Feni Agostinho.Sustainability Assessment of Alternatives for Heat Generation and Transfer in Saunas[J].Journal of Environmental Protection,2015,6(12):1378-1393.
2Claudio F.Mahler,Erika Varanda,Luiz C.D.de Oliveira.Analytical Model of Landslide Risk Using GIS[J].Open Journal of Geology,2012,2(3):182-188.
3Sasith M. Rajasooriya,Chris. P. Tsokos,Pubudu Kalpani Kaluarachchi.Cyber Security: Nonlinear Stochastic Models for Predicting the Exploitability[J].Journal of Information Security,2017,8(2):125-140. 被引量：1
4Mario Calín Sánchez,Juan Manuel Carrillo de Gea,José Luis Fernández-Alemán,Jesús Garcerán,Ambrosio Toval.Software Vulnerabilities Overview:A Descriptive Study[J].Tsinghua Science and Technology,2020,25(2):270-280. 被引量：2
5Hiroyuki Okamura,Masataka Tokuzane,Tadashi Dohi.Quantitative Security Evaluation for Software System from Vulnerability Database[J].Journal of Software Engineering and Applications,2013,6(4):15-23.
6Lei Liu,Wei-Min Zheng.The optimization of satellite orbit for Space-VLBI observation[J].Research in Astronomy and Astrophysics,2021,21(2):97-104. 被引量：1
7Guo-Liang Li,Dong Deng,Ju Fan.Preface[J].Journal of Computer Science & Technology,2021,36(4):719-720.
8Instructions for Authors[J].Global Energy Interconnection,2021,4(5).
9Huiliang Wang,Keyu Lu,Chenyang Shen,Xiaoguang Song,Bin Hu,Gang Liu.Human health risk assessment of groundwater nitrate at a two geomorphic units transition zone in northern China[J].Journal of Environmental Sciences,2021,33(12):38-47. 被引量：2
10Shiyuan Xu,Xue Chen,Yunhua He.EVchain: An Anonymous Blockchain-Based System for Charging–Connected Electric Vehicles[J].Tsinghua Science and Technology,2021,26(6):845-856. 被引量：3

Computers, Materials & Continua

2019年第9期

浏览历史

内容加载中请稍等...