<div dir="ltr">Dear Alex, <div><br></div><div>Thank you for your reply. </div><div>As you said, It is a two-step process. At the moment, I want to focus at the first step, Then I want to use AI to generate exploit somewhat.</div>
<div>Now, I want to focus on the predicting of the class automatically. Before that I must cluster (Grouping) the vulnerabilities because :</div><div><br></div><div>1) There is <u><b>no standard</b></u> for different vulnerabilities databases. each vuln database has its own categories.</div>
<div>2) The <u><b>total number</b></u> of vulnerabilities is high each day (<span style="background-color:rgb(255,255,255);color:rgb(85,85,85);font-family:arial,helvetica,sans-serif;font-size:12px;line-height:14.383333206176758px"> </span><span style="background-color:rgb(255,255,255);color:rgb(85,85,85);font-family:arial,helvetica,sans-serif;font-size:12px;line-height:14.383333206176758px"><a href="http://www.symantec.com/threatreport/topic.jsp?id=vulnerability_trends&aid=total_number_of_vulnerabilities">the number of vulnerabilities reported in January 2012, amounts to 488</a></span>). so it is a cumbersome task.</div>
<div>3) Working with words in AI applications has many challenges (finding <b><u>useful words</u></b> to help classification and clustering)</div><div><br></div><div>Don't you agree with me that even the first step is useful and is not easy ? </div>
<div>
<br><br><div class="gmail_quote">On Sat, Oct 13, 2012 at 8:18 PM, Alex Brook <span dir="ltr"><<a href="mailto:mailforalexb@googlemail.com" target="_blank">mailforalexb@googlemail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<p>Hi Mansour,</p>
<p>How would you generate the exploit automatically? I think class of the exploit is simple enough but perhaps automatic generation of the exploit not so easy. Would there not be some variables?</p><span class="HOEnZb"><font color="#888888">
<p>Alex.</p></font></span><div class="HOEnZb"><div class="h5">
<div class="gmail_quote">On Oct 13, 2012 12:22 PM, "Mansour Ahmadi" <<a href="mailto:mansourweb@gmail.com" target="_blank">mansourweb@gmail.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">Dear Sullo,<div><br></div><div>Thank you for your reply.</div><div><br></div><div>I mean, I want to detect the lable (class or category) of a vulnerability automatically. for example, In OSVDB or CVE, If a new bug release, I predict what is the calss of it (SQL inj, XSS, ...). then, generate the exploit of it automatically.</div>
<div><br></div><div>Do you think is it possible and useful ?</div><div><br></div><div>Thanks a lot<br><br><div class="gmail_quote">On Sat, Oct 13, 2012 at 4:39 AM, Sullo <span dir="ltr"><<a href="mailto:csullo@gmail.com" target="_blank">csullo@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">I'm not sure I follow what you mean about "clustering" them... could you explain a bit further?<div><br>
</div>
<div>Thanks,</div><div>Sullo<br><br><div class="gmail_quote"><div><div>On Sun, Oct 7, 2012 at 3:38 PM, Mansour Ahmadi <span dir="ltr"><<a href="mailto:mansourweb@gmail.com" target="_blank">mansourweb@gmail.com</a>></span> wrote:<br>
</div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div><div dir="ltr">Dear Friends,
<div><br></div><div><div style="color:rgb(34,34,34);font-size:13px;font-family:arial,sans-serif">I want to cluster OSVDB vulnerabilities with a novel algorithm. if I cluster the vulnerabilities, how it can help Nikto ? Is it useful or not ?</div>
<div style="color:rgb(34,34,34);font-size:13px;font-family:arial,sans-serif"><br></div><div style="color:rgb(34,34,34);font-size:13px;font-family:arial,sans-serif">
Thank you so much</div></div></div>
<br></div></div>_______________________________________________<br>
Nikto-discuss mailing list<br>
<a href="mailto:Nikto-discuss@attrition.org" target="_blank">Nikto-discuss@attrition.org</a><br>
<a href="https://attrition.org/mailman/listinfo/nikto-discuss" target="_blank">https://attrition.org/mailman/listinfo/nikto-discuss</a><br>
<br></blockquote></div><span><font color="#888888"><br><br clear="all"><div><br></div>-- <br><br><a href="http://www.cirt.net" target="_blank">http://www.cirt.net</a> | <a href="http://richsec.com/" target="_blank">http://richsec.com/</a><br>
</font></span></div>
</blockquote></div><br></div></div>
<br>_______________________________________________<br>
Nikto-discuss mailing list<br>
<a href="mailto:Nikto-discuss@attrition.org" target="_blank">Nikto-discuss@attrition.org</a><br>
<a href="https://attrition.org/mailman/listinfo/nikto-discuss" target="_blank">https://attrition.org/mailman/listinfo/nikto-discuss</a><br>
<br></blockquote></div>
</div></div></blockquote></div><br></div></div>