A Framework For Classification Software Security Using Common Vulnerabilities And Exposures
Main Author: | |
---|---|
Format: | Thesis |
Language: | English |
Published: | 2018 |
Subjects: | |
Online Access: | http://eprints.utem.edu.my/id/eprint/23353/1/A%20Framework%20For%20Classification%20Software%20Security%20Using%20Common%20Vulnerrabilities%20And%20Exposures.pdf http://eprints.utem.edu.my/id/eprint/23353/2/A%20Framework%20For%20Classification%20Software%20Security%20Using%20Common%20Vulnerabilities%20And%20Exposures.pdf http://eprints.utem.edu.my/id/eprint/23353/ http://plh.utem.edu.my/cgi-bin/koha/opac-detail.pl?biblionumber=113299 |
Institution: | Universiti Teknikal Malaysia Melaka |
Summary: | The main research aim is to investigate what information is necessary to make a formal vulnerability pattern representation. This is done through the use of formal Backus-Naur Form syntax for the execution, presented with a newly created vulnerability flow diagram. Some future work is also proposed to further enhance the elements in the secured software process framework. This thesis focuses on the research and development of the design, formalization and translation of the vulnerability classification pattern through a framework using Common Vulnerabilities and Exposures data. To achieve this aim, the following work was carried out. The first step is to create and conceptualize the necessary meta-process. The second step is to specify the relationship between the classifiers and vulnerability classification patterns. This includes the investigation of vulnerability classification objectives, processes, classifiers and focus domains among prominent frameworks. The final step is to construct the framework by establishing the formal presentation of the vulnerability classification algorithm. The validation process was conducted empirically, using a statistical method to assess accuracy and consistency through the precision and recall rates of the algorithm on five data sets, each with 500 samples. The findings show a significant result: the error rate (p value) for precision is between 0.01 and 0.02, and the error rate for recall is between 0.02 and 0.04. Another validation was conducted to verify the correctness of the classification using expert opinions, and the results showed that the ambiguity of several cases was subdued. A formal-based classification framework with notation may increase accuracy and visualization compared with a hierarchy tree only, but the conclusion remains tentative because of methodological limitations in the studies. |
---|