As the number of software vulnerabilities increases year by year, software vulnerability has become a focal point in information security. This paper proposes a vulnerability similarity measurement for comparing different vulnerabilities according to a set of criteria. Our approach is based on the structural hierarchy of vulnerabilities, and the similarity is defined using established mathematical models. The National Vulnerability Database and the Ontology of Vulnerability Management provide the information necessary for the similarity calculation. The similarity measurement can be used in many areas of vulnerability management, such as vulnerability classification, mitigation, and patching.