Woo et al., 2011 - Google Patents
Modeling vulnerability discovery process in Apache and IIS HTTP serversWoo et al., 2011
View PDF- Document ID
- 13398467925511283180
- Author
- Woo S
- Joh H
- Alhazmi O
- Malaiya Y
- Publication year
- Publication venue
- Computers & Security
External Links
Snippet
Vulnerability discovery models allow prediction of the number of vulnerabilities that are likely to be discovered in the future. Hence, they allow the vendors and the end users to manage risk by optimizing resource allocation. Most vulnerability discovery models proposed use the …
- 238000000034 method 0 title abstract description 16
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/34—Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation; Recording or statistical evaluation of user activity, e.g. usability assessment
- G06F11/3409—Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation; Recording or statistical evaluation of user activity, e.g. usability assessment for performance assessment
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F17/00—Digital computing or data processing equipment or methods, specially adapted for specific functions
- G06F17/30—Information retrieval; Database structures therefor; File system structures therefor
- G06F17/30067—File systems; File servers
- G06F17/30129—Details of further file system functionalities
- G06F17/30144—Details of monitoring file system events, e.g. by the use of hooks, filter drivers, logs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2101—Auditing as a secondary aspect
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F17/00—Digital computing or data processing equipment or methods, specially adapted for specific functions
- G06F17/30—Information retrieval; Database structures therefor; File system structures therefor
- G06F17/30286—Information retrieval; Database structures therefor; File system structures therefor in structured data stores
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Error detection; Error correction; Monitoring responding to the occurence of a fault, e.g. fault tolerance
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F17/00—Digital computing or data processing equipment or methods, specially adapted for specific functions
- G06F17/10—Complex mathematical operations
- G06F17/18—Complex mathematical operations for evaluating statistical data, e.g. average values, frequency distributions, probability functions, regression analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F2201/00—Indexing scheme relating to error detection, to error correction, and to monitoring
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06Q—DATA PROCESSING SYSTEMS OR METHODS, SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Woo et al. | Modeling vulnerability discovery process in Apache and IIS HTTP servers | |
| Zhu et al. | Measuring and modeling the label dynamics of online {Anti-Malware} engines | |
| Alhazmi et al. | Measuring, analyzing and predicting security vulnerabilities in software systems | |
| Alhazmi et al. | Quantitative vulnerability assessment of systems software | |
| US9832214B2 (en) | Method and apparatus for classifying and combining computer attack information | |
| Alhazmi et al. | Application of vulnerability discovery models to major operating systems | |
| Manadhata et al. | Measuring the attack surfaces of two FTP daemons | |
| US20190073483A1 (en) | Identifying sensitive data writes to data stores | |
| Jiang et al. | Evaluating the data inconsistency of open-source vulnerability repositories | |
| Younis et al. | Comparing and evaluating CVSS base metrics and microsoft rating system | |
| US20150007330A1 (en) | Scoring security risks of web browser extensions | |
| Woo et al. | Assessing vulnerabilities in Apache and IIS HTTP servers | |
| Alhazmi et al. | Measuring and enhancing prediction capabilities of vulnerability discovery models for Apache and IIS HTTP servers | |
| Elder et al. | A survey on software vulnerability exploitability assessment | |
| Palko et al. | Model of information security critical incident risk assessment | |
| Shukla et al. | Vulnerability discovery modelling with vulnerability severity | |
| Anand et al. | Modeling software vulnerability discovery process inculcating the impact of reporters | |
| Alhazmi et al. | Security vulnerability categories in major software systems. | |
| Janiszewski et al. | A novel approach to national-level cyber risk assessment based on vulnerability management and threat intelligence | |
| Householder et al. | Are we skillful or just lucky? Interpreting the possible histories of vulnerability disclosures | |
| Dambra et al. | A comparison of systemic and systematic risks of malware encounters in consumer and enterprise environments | |
| So et al. | Lost in the Mists of Time: Expirations in DNS Footprints of Mobile Apps | |
| Liu et al. | Empirical relation between coupling and attackability in software systems: a case study on DOS | |
| Paramitha et al. | Technical leverage analysis in the Python ecosystem | |
| Bhatt et al. | Categorization of Vulnerabilities in a Software |