Analysis of Vulnerability Correlation Based on Data Fitting

Discovering the correlation between vulnerability is a significant method of vulnerability analysis. The traditional way focuses on single vulnerability rather than considers the relationship between several vulnerabilities. That may spend much time but achieve a poor effect. This paper presents a new method working on the vulnerability distribution data. This method applies logarithmic normal distribution to the distribution data of different categories of vulnerability to calculate their correlation coefficient. Then, the correlativity between different vulnerability classifications could be qualitatively determined. The experiment was performed on two types of vulnerability database, namely CNNVD and SecurityFocus. The correlativity of different vulnerability classification obtained by the proposed method is verified both quantitative and qualitative ways. The results highlight the effectiveness of the proposed method.