CFP last date
20 May 2024
Call for Paper
June Edition
IJCA solicits high quality original research papers for the upcoming June edition of the journal. The last date of research paper submission is 20 May 2024

Submit your paper
Know more
The week's pick
Responsive image
Enhancing Privacy Preservation: Multi-Attribute Protection with P-Sensitive K-Anonymity

Twinkle Patel Kiran Amin
Random Articles
Reseach Article

Trend Analysis of the CVE Classes Across CVSS Metrics

by Bindu Dodiya, Umesh Kumar Singh, Vivaan Gupta
journal cover thumbnail

International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 183 - Number 33
Year of Publication: 2021
Authors: Bindu Dodiya, Umesh Kumar Singh, Vivaan Gupta
10.5120/ijca2021921718

Bindu Dodiya, Umesh Kumar Singh, Vivaan Gupta . Trend Analysis of the CVE Classes Across CVSS Metrics. International Journal of Computer Applications. 183, 33 ( Oct 2021), 23-30. DOI=10.5120/ijca2021921718

@article{ 10.5120/ijca2021921718,
author = { Bindu Dodiya, Umesh Kumar Singh, Vivaan Gupta },
title = { Trend Analysis of the CVE Classes Across CVSS Metrics },
journal = { International Journal of Computer Applications },
issue_date = { Oct 2021 },
volume = { 183 },
number = { 33 },
month = { Oct },
year = { 2021 },
issn = { 0975-8887 },
pages = { 23-30 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume183/number33/32145-2021921718/ },
doi = { 10.5120/ijca2021921718 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-07T01:18:37.473736+05:30
%A Bindu Dodiya
%A Umesh Kumar Singh
%A Vivaan Gupta
%T Trend Analysis of the CVE Classes Across CVSS Metrics
%J International Journal of Computer Applications
%@ 0975-8887
%V 183
%N 33
%P 23-30
%D 2021
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Understanding vulnerability trends is important for risk management process.. Understanding trends helps in early detection of problems and also in planning defense mechanisms. In this paper analysis of the trends of Common Vulnerabilities and Exposures (CVE) from the National Vulnerability Database (NVD) for 2005 to 2020 has presented. 136566 CVEs has been extracted for sixteen years, also their Common Vulnerability Scoring System (CVSS) scores has been collected from the NVD, then analysis of severity, and CVSS base metrics trends ,and trends for classified vulnerability data has been done . Such analysis of vulnerability data according to their type, CIA impact, access vector and access complexity helpful in identifying most critical class of vulnerability relative to system environment and improve risk mitigation process.

References
  1. G Stoneburner, A Goguen, and A Feringa, “Risk Management Guide for Information Technology Systems”, NIST Special Publication 800- 30, July 2002, Available: http://csrc.nist.gov/publi cations/nistpubs/800-30/sp800-30.pdf
  2. Richard Kuhn, M S Raunak and Raghu Kacker” An Analysis of Vulnerability Trends, 2008 – 2016”, Proceedings, Software Quality, Reliability and Security (QRS-C), 2017 IEEE International Conference on (pp. 587-588).
  3. R. Kuhn and Chris Johnson, “Vulnerability Trends: Measuring Progress”, IT Professional, 2010, pp. 51-53.
  4. National Vulnerability Database, http://nvd.nist.gov.
  5. Common Vulnerabilities and Exposures. [Online]. Available:http://cve.mitre.org
  6. Common Weakness Enumeration. [Online]. Available: http://cwe.mitre.org
  7. “NVD Common Vulnerability Scoring System Support v2”, National Vulnerability Database, Available:https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?version=3
  8. R. Gopalakrishna, E. Spafford and J. Vitek, “A Trend Analysis of Vulnerabilities”, CERIAS TR 2005-06, 2005.
  9. Tim Shimeall and Phil Williams, “Models of Information Security Trend Analysis”, Available at http://www.cert.org/archive/pdf/info-security.pdf.
  10. Tripathi, A. Singh, U.K., “ Analyzing Trends in Vulnerability Classes across CVSS Metrics”, International Journal of Computer Applications (0975 – 8887) Volume 36– No.3, December 2011.
Index Terms

Computer Science
Information Sciences

Keywords

Vulnerability Trend analysis CVSS metrics CWE NVD.

Powered by PhDFocusTM