Fuzzy Heuristic Design for Diagnosis of Web-Based Vulnerabilities

摘要

The common vulnerability scoring system (CVSS) provides an open, standardized method for rating vulnerabilities. CVSS provides base-level metrics for vulnerability classification that can be used with other strategies such as intrusion detection classification to form a complete diagnostic system. This emphasizes focus on defining and representing the various strategies that can be employed to provide a formal and more practical approach to vulnerabilities assessment. The various parameters that are defined have been derived from a set of five assertions and the initial fuzzy scanner metrics (the pre-defined scanner parameters). The fuzziness of the scanner metrics allows for a greater manipulation of results before a complete diagnosis can be presented. The confidence reports (1st and 2nd degree) could be used to provide information aiding the initiation of suitable steps to be taken.