Fuzzy Model for Common Vulnerability Scoring System

Abstract

The Common Vulnerability Scoring System (CVSS) is a widely used open standard for measuring the severity of software vulnerabilities based on defined metric values. It uses optimized equations to combine several aspects of a vulnerability to derive the score. In this paper the possibility of implementing this CVSS calculator in fuzzy logic is discussed, using the Fuzzy Logic toolbox from MATLAB extended in Simulink environment.The model is evaluated by comparing the results of both systems for a few test cases. The possibility of implementing an optimized CVSS calculator using Fuzzy logic is discussed.Taking advantage of the possibility available in Fuzzy logic we discuss the possibility to extend the calculator with domain-specific metrics.