@inproceedings{ab026b047c7f4a239004fdd075218fc4,
title = "Analysis of vulnerability correlation based on data fitting",
abstract = "Discovering the correlation between vulnerability is a significant method of vulnerability analysis. The traditional way focuses on single vulnerability rather than considers the relationship between several vulnerabilities. That may spend much time but achieve a poor effect. This paper presents a new method working on the vulnerability distribution data. This method applies logarithmic normal distribution to the distribution data of different categories of vulnerability to calculate their correlation coefficient. Then, the correlativity between different vulnerability classifications could be qualitatively determined. The experiment was performed on two types of vulnerability database, namely CNNVD and SecurityFocus. The correlativity of different vulnerability classification obtained by the proposed method is verified both quantitative and qualitative ways. The results highlight the effectiveness of the proposed method.",
keywords = "CNNVD, Correlation coefficient, Correlativity, Logarithmic normal distribution, SecurityFocus, Vulnerability correlation",
author = "Long Wang and Rui Ma and Gao, {Hao Ran} and Wang, {Xia Jing} and Hu, {Chang Zhen}",
note = "Publisher Copyright: {\textcopyright} Springer Nature Singapore Pte Ltd. 2017.; 11th Chinese Conference on Trusted Computing and Information Security, CTCIS 2017 ; Conference date: 14-09-2017 Through 17-09-2017",
year = "2017",
doi = "10.1007/978-981-10-7080-8_13",
language = "English",
isbn = "9789811070792",
series = "Communications in Computer and Information Science",
publisher = "Springer Verlag",
pages = "165--180",
editor = "Fei Yan and Ming Xu and Shaojing Fu and Zheng Qin",
booktitle = "Trusted Computing and Information Security - 11th Chinese Conference, CTCIS 2017, Proceedings",
address = "Germany",
}