Network attackers exploit software vulnerabilities on network computers to facilitate successful attacks. There are many types of software vulnerabilities, with differences in various attributes, including the level of authorization needed for execution, the impact on the target network, the complexity of the exploit, and others. Without software vulnerabilities, attacks would not be possible. Therefore, understanding these vulnerabilities holds the key to configuring secure computer networks.

Many organizations keep track of the various existing software vulnerabilities in the form of vulnerability databases. These databases maintain a wealth of information in connection with specific vulnerabilities. Data collected may include when the vulnerability first appeared, which programs or operating systems are affected, what effects a successful exploit would have on the target network, and whether a patch for the vulnerable software is available. However, each different database may record different vulnerability attributes, and categorizing vulnerabilities is difficult due to the large number of different attributes maintained.

By mining and comparing the existing online vulnerability databases, we will be able to identify critical vulnerability features. Furthermore, analysis of these features will allow us to propose a standardization strategy for vulnerability classification.