An approach towards standardising vulnerability categories


dc.contributor.advisor Eloff, Jan H.P. en
dc.contributor.advisor Venter, Hein S. en
dc.contributor.postgraduate Li, Yun Lillian en
dc.date.accessioned 2013-09-07T04:30:33Z
dc.date.available 2008-08-12 en
dc.date.available 2013-09-07T04:30:33Z
dc.date.created 2007-09-05 en
dc.date.issued 2008-08-12 en
dc.date.submitted 2008-07-15 en
dc.description Dissertation (MSc (Computer Science))--University of Pretoria, 2008. en
dc.description.abstract Computer vulnerabilities are design flaws, implementation or configuration errors that provide a means of exploiting a system or network that would not be available otherwise. The recent growth in the number of vulnerability scanning (VS) tools and independent vulnerability databases points to an apparent need for further means to protect computer systems from compromise. It is important for these tools and databases to interpret, correlate and exchange a large amount of information about computer vulnerabilities in order to use them effectively. However, this goal is hard to achieve because the current VS products differ extensively both in the way that they can detect vulnerabilities and in the number of vulnerabilities that they can detect. Each tool or database represents, identifies and classifies vulnerabilities in its own way, thus making them difficult to study and compare. Although the list of Common Vulnerabilities and Exposures (CVE) provides a means of solving the disparity in vulnerability names used in the different VS products, it does not standardise vulnerability categories. This dissertation highlights the importance of having a standard vulnerability category set and outlines an approach towards achieving this goal by categorising the CVE repository using a data-clustering algorithm. Prototypes are presented to verify the concept of standardizing vulnerability categories and how this can be used as the basis for comparison of VS products and improving scan reports. en
dc.description.availability unrestricted en
dc.description.department Computer Science en
dc.identifier.citation Li, YL 2007, An approach towards standardizing vulnerability categories, MSc dissertation, University of Pretoria, Pretoria, viewed yymmdd < http://hdl.handle.net/2263/26304 > en
dc.identifier.other E848/ag en
dc.identifier.upetdurl http://upetd.up.ac.za/thesis/available/etd-07152008-134515/ en
dc.identifier.uri http://hdl.handle.net/2263/26304
dc.language.iso en
dc.publisher University of Pretoria en_ZA
dc.rights © 2007 University of Pretoria. All rights reserved. The copyright in this work vests in the University of Pretoria. No part of this work may be reproduced or transmitted in any form or by any means, without the prior written permission of the University of Pretoria. en
dc.subject Standardising vulnerability categories en
dc.subject Computer science en
dc.subject UCTD en_US
dc.title An approach towards standardising vulnerability categories en
dc.type Dissertation en

