Evaluation of Vulnerability Severity Based on Rough Sets and Attributes Reduction

Fu Zhiyao; Gao Ling; Sun Qian; Li Yang; Gao Ni

doi:10.7544/issn1000-1239.2016.20150065

Journal of Computer Research and Development > 2016 > 53(5): 1009-1017. > DOI: 10.7544/issn1000-1239.2016.20150065

Fu Zhiyao, Gao Ling, Sun Qian, Li Yang, Gao Ni. Evaluation of Vulnerability Severity Based on Rough Sets and Attributes Reduction[J]. Journal of Computer Research and Development, 2016, 53(5): 1009-1017. DOI: 10.7544/issn1000-1239.2016.20150065

Citation:

PDF (1170 KB)

Evaluation of Vulnerability Severity Based on Rough Sets and Attributes Reduction

(School of Information Science and Technology, Northwest University, Xi’an 710127)

More Information

Published Date: April 30, 2016

Graphical Abstract

Abstract

Abstract

Computer vulnerability is a major hidden danger which endangers the safety of the network, and will attack the system by system configuration mistakes, system design flaws or software bugs. Due to a variety of factors which can produce vulnerability, there are many attributes associated with vulnerability, and it is difficult to shift attributes which are more relevant. It is also a hard problem to calculate attribute weights objectively which doesn’t depend on expert experience or prior knowledge. A new method named RAR of vulnerability assessment is proposed to shift vulnerability attributes and evaluate severity objectively. The attributes reduction for decision-making of vulnerability assessment is found depended on the discriminate matrix in rough sets theory. Then evaluate the vulnerability severity based on attributes comprehensive evaluation system theory. Finally we can get a binary group to represent qualitative evaluation and quantitative evaluation value of vulnerability. The result shows this method avoids the subjective choice for vulnerability attributes and the dependence of experts prior knowledge, and it satisfies for attributes reduction and attribute weights. And it is also accurate and effective for qualitative analysis and quantitative analysis of the vulnerability.
- vulnerability,
- network security,
- rough sets,
- attributes reduction,
- assessment of vulnerability

FullText(HTML)

References (0)

[1]	Wu Zehui, Wei Qiang, Wang Xinlei, Wang Yunchao, Yan Chenyu, Chen Jing. Survey of Automatic Software Vulnerability Exploitation[J]. Journal of Computer Research and Development, 2024, 61(9): 2261-2274. DOI: 10.7544/issn1000-1239.202220410
[2]	Chen Xiaoquan, Liu Jian, Xia Xiangyu, Zhou Shaoxiang. A Vulnerability Detection Approach Based on Comparative Learning[J]. Journal of Computer Research and Development, 2023, 60(9): 2152-2168. DOI: 10.7544/issn1000-1239.202220140
[3]	Zhou Peng, Wu Yanjun, Zhao Chen. Identify Linux Security Vulnerability Fix Patches Automatically[J]. Journal of Computer Research and Development, 2022, 59(1): 197-208. DOI: 10.7544/issn1000-1239.20200492
[4]	Wang Nian, Peng Zhenghong, Cui Li. EasiFFRA: A Fast Feature Reduction Algorithm Based on Neighborhood Rough Set[J]. Journal of Computer Research and Development, 2019, 56(12): 2578-2588. DOI: 10.7544/issn1000-1239.2019.20180541
[5]	Lei Kenan, Zhang Yuqing, Wu Chensi, Ma Hua. A System for Scoring the Exploitability of Vulnerability Based Types[J]. Journal of Computer Research and Development, 2017, 54(10): 2296-2309. DOI: 10.7544/issn1000-1239.2017.20170457
[6]	Zhang Yuqing, Fang Zhejun, Wang Kai, Wang Zhiqiang, Yue Hongzhou, Liu Qixu, He Yuan, Li Xiaoqi, Yang Gang. Survey of Android Vulnerability Detection[J]. Journal of Computer Research and Development, 2015, 52(10): 2167-2177. DOI: 10.7544/issn1000-1239.2015.20150572
[7]	Liu Qixu, Wen Tao, Wen Guanxing. Detection of XSS Vulnerabilities in Online Flash[J]. Journal of Computer Research and Development, 2014, 51(7): 1624-1632.
[8]	Yang Dingning, Xiao Hui, and Zhang Yuqing. Vulnerability Detection in ActiveX Controls Based on Fuzzing Technology[J]. Journal of Computer Research and Development, 2012, 49(7): 1525-1532.
[9]	Nie Chujiang, Zhao Xianfeng, Chen Kai, Han Zhengqing. An Software Vulnerability Number Prediction Model Based on Micro-Parameters[J]. Journal of Computer Research and Development, 2011, 48(7): 1279-1287.
[10]	Shang Lin, Wan Qiong, Yao Wangshu, Wang Jingen, Chen Shifu. An Approach for Reduction of Continuous-Valued Attributes[J]. Journal of Computer Research and Development, 2005, 42(7): 1217-1224.