A Risk-Aware Automated Framework for Correlated Vulnerability Detection via Multi-Tool Security Analysis

Automated vulnerability scanning tools are popular for vulnerability assessment in web and networked applications. However, most of the existing tools are standalone and produce heterogeneous results with high redundancy and low prioritization, making the task of security analysts more complex. This paper proposes AVD-FW, an automated vulnerability detection and visualization framework that combines the results of various security scanning tools using a common vulnerability abstraction model. The proposed framework normalizes the results of the scanning tools, removes redundancy using correlation-based aggregation, and assigns confidence-based risk scores for effective prioritization. The proposed framework is evaluated using a controlled dataset of 100 authorized benchmark targets scanned from popular vulnerable platforms. Experimental results show that AVD-FW outperforms the existing standalone scanning tools like OWASP ZAP, Nuclei, and Nmap in terms of vulnerability detection coverage, removal of duplicate results, and confidence scores.