Categorizing Vulnerabilities Using Data Clustering Techniques

Author

  • Yun Li
Abstract

Vulnerability scanning is one of the proactive information security technologies in the Internet and network security domain. However, current vulnerability scanner (VS) products differ extensively in the way that they detect vulnerabilities, as well as in the number of vulnerabilities that they can detect. Often, VS products also declare their own vendor-specific vulnerability categories, which makes it difficult to study and compare them. Although Common Vulnerabilities and Exposures (CVE) provides a means to resolve the disparate vulnerability names used in the different VS products, it does not standardize vulnerability categories. This paper presents a way to categorize the vulnerabilities in the CVE repository and proposes a solution for standardization of the vulnerability categories using a data-clustering algorithm.

Any opinion, findings and conclusions or recommendations expressed in this material are those of the authors and therefore the NRF, Telkom and IST do not accept any liability thereto.

1. INTRODUCTION

Nowadays, the Internet is a valuable part of our lives. It is used by millions of people every day from all across the globe to perform online transactions, search for useful information and communicate with other people. However, besides its power and value to us, its open and dynamic environment provides a perfect breeding ground for pernicious cyber-crimes and vicious security attacks. Five information security services are defined to implement security measures, namely, Authentication, Confidentiality, Integrity, Availability and Non-Repudiation [7]. Malicious attackers constantly look for and exploit weaknesses in computer systems in order to attack or break these security services. Those weaknesses in security systems that might be exploited to cause harm or loss are referred to as vulnerabilities [15]. This makes Internet security a challenging but interesting topic to research.

Many information security technologies have been developed by security experts, including Cryptography [10], Firewalls [19] and Intrusion Detection Systems [2]. Each security technology implements one or more of the information security services mentioned above. Vulnerability Scanners (VSs), which are also referred to as vulnerability assessment technologies, are proactive information security technologies that attempt to search for known vulnerabilities before they can be exploited by intruders [22]. Despite the usefulness of VSs, there are some serious issues with current VSs. A major problem is that VSs are disparate in the ways that the vulnerabilities are named and organized in the vulnerability database of each different VS. For example, one VS might call a particular vulnerability a "Trojan …

Similar resources

Optimal Feature Selection for Data Classification and Clustering: Techniques and Guidelines

In this paper, principles and existing feature selection methods for classifying and clustering data are introduced. To that end, categorizing frameworks for finding selected subsets, namely, search-based and non-search based procedures as well as evaluation criteria and data mining tasks are discussed. In the following, a platform is developed as an intermediate step toward developing an intell...

Data Security Analysis Using Unsupervised Learning and Explanations

Vulnerability assessment is an effective security mechanism to identify vulnerabilities in systems or networks before they are exploited. However, manual analysis of network testing and vulnerability assessment results is time consuming and demands expertise. This paper presents an improvement of Analia, which is a security system to process results obtained after a vulnerability assessment usin...

Data security using unsupervised learning and explanations

Vulnerability assessment is an effective security mechanism to identify vulnerabilities in systems or networks before they are exploited. However, manual analysis of network testing and vulnerability assessment results is time consuming and demands expertise. This paper presents an improvement of Analia, which is a security system to process results obtained after a vulnerability assessment usin...

Publication date: 2004