|
Topic |
|
|
|
1.1 OpenSSL Heartbleed |
|
1.2 Naive Bayes Classifier |
|
1.3 Vulnerability |
|
1.4 Types of Vulnerabilities |
|
|
|
2.1 Introduction to Survey Report |
|
2.2 General Survey |
|
|
|
3.1 How the Heartbeat Works |
|
3.2 Data Leakage Leading to Heartbleed |
|
3.3 Code Fix |
|
3.4 Real world Impact of Heartbleed |
|
3.5 Factors to Determine Severity of a Vulnerability- Common Vulnerability Scoring System (CVSS) |
|
3.6 Naive Bayes Classification |
|
|
|
4.1 Algorithm for Predicting severity/Threat of Exploitation Using Naïve Bayes Approach |
|
4.2 Frequency Table for Some Common Vulnerabilities Based on CVSS (Version 2) parameters |
|
4.3 Likelihood Table for Finding the Probabilities of Various CVSS (Version2) Parameters |
|
4.4 Using Naive Bayes Equation to Calculate the Posterior Probability for a Sample class of Vulnerability, to predict its Severity |
|
5.1 Checking Heartbleed Vulnerability with nmap in Kali Linux |
|
5.2 Exploiting Heartbleed Vulnerability with Metasploit |
|
5.3 Output of Naive Bayes Method for Prediction of Severity of Exploitation for OpenSSL Heartbleed Vulnerability |
|
5.4 C# Code Segments for Predicting Severity/Threat of Exploitation Using Naive Bayes Approach |
|
|
|
6.1 Conclusions |
|
6.2 Recommendations |
|
|
|
S.No. |
Title |
|
Graphic 1 and 2 shows the Heartbleed code |
|
|
Memory Leak |
|
|
The OpenSSL code fix for the Heartbleed bug |
|
|
OpenSSL Security Advisory |
|
|
Exploiting the Heartbleed Vulnerability |
|
S.No. |
Title |
|
CVSS (Version 2) Base Metrics, with definitions from Mell et al. (2007) |
|
|
Frequency table for some common vulnerabilities using CVSS (Version 2) Base Metrics |
|
|
Likelihood table for calculation of probabilities of CVSS ( Version 2) Parameters |