Vulnerability Evaluation Based on CVSS and Environmental Information Statistics

被引:0
|
作者
Wang, Shuguang [1 ]
Xia, Chunhe [1 ]
Gao, Jinghua [1 ]
Jia, Qiong [1 ]
机构
[1] Beihang Univ, Sch Comp Sci, Beijing Key Lab Network Technol, Beijing, Peoples R China
来源
PROCEEDINGS OF 2015 4TH INTERNATIONAL CONFERENCE ON COMPUTER SCIENCE AND NETWORK TECHNOLOGY (ICCSNT 2015) | 2015年
关键词
vulnerability evaluation; network security; CVSS; Environment statistics;
D O I
暂无
中图分类号
TP39 [计算机的应用];
学科分类号
081203 ; 0835 ;
摘要
In the field of network security, vulnerability evaluation is a very important method to assess the attack and defense means in many practical use, such as penetration testing and safety pre-warning. Up to now, there are a lot of vulnerability evaluate methods, such as CWE, CVSS, and there are a lot of basic evaluate methods for further improvement and optimization. This paper analyzes the existing vulnerability evaluate method and has found some insufficient changes in real-time environmental. This paper adds some new elements including topology environment factors, as well as log system information statistics, to make sure vulnerability evaluation can be used in a more flexible network security.
引用
收藏
页码:1249 / 1252
页数:4
相关论文
共 50 条
  • [1] VIET: A Tool for Extracting Essential Information from Vulnerability Descriptions for CVSS Evaluation
    Zhang, Siqi
    Zhang, Mengyuan
    Zhao, Lianying
    DATA AND APPLICATIONS SECURITY AND PRIVACY XXXVII, DBSEC 2023, 2023, 13942 : 386 - 403
  • [2] Improving CVSS-based vulnerability prioritization and response with context information
    Fruhwirth, Christian
    Mannisto, Tomi
    ESEM: 2009 3RD INTERNATIONAL SYMPOSIUM ON EMPIRICAL SOFTWARE ENGINEERING AND MEASUREMENT, 2009, : 536 - +
  • [3] On Prioritization of Vulnerability Categories Based on CVSS Scores
    Tripathi, Anshu
    Singh, Umesh Kumar
    2011 6TH INTERNATIONAL CONFERENCE ON COMPUTER SCIENCES AND CONVERGENCE INFORMATION TECHNOLOGY (ICCIT), 2012, : 692 - 697
  • [4] Identifying Relevant Information Cues for Vulnerability Assessment Using CVSS
    Allodi, Luca
    Banescu, Sebastian
    Femmer, Henning
    Beckers, Kristian
    PROCEEDINGS OF THE EIGHTH ACM CONFERENCE ON DATA AND APPLICATION SECURITY AND PRIVACY (CODASPY'18), 2018, : 119 - 126
  • [5] A Conditional Probability Computation Method for Vulnerability Exploitation Based on CVSS
    Zhang, Hua
    Lou, Fang
    Fu, Yunsheng
    Tian, Zhihong
    2017 IEEE SECOND INTERNATIONAL CONFERENCE ON DATA SCIENCE IN CYBERSPACE (DSC), 2017, : 238 - 241
  • [6] A Survey of IIoT Protocols: A Measure of Vulnerability Risk Analysis Based on CVSS
    Figueroa-Lorenzo, Santiago
    Anorga, Javier
    Arrizabalaga, Saioa
    ACM COMPUTING SURVEYS, 2020, 53 (02)
  • [7] A revised CVSS-based system to improve the dispersion of vulnerability risk scores
    Chensi Wu
    Tao Wen
    Yuqing Zhang
    Science China Information Sciences, 2019, 62
  • [8] An Analysis of CVSS Version 2 Vulnerability Scoring
    Scarfone, Karen
    Mell, Peter
    ESEM: 2009 3RD INTERNATIONAL SYMPOSIUM ON EMPIRICAL SOFTWARE ENGINEERING AND MEASUREMENT, 2009, : 517 - 526
  • [9] revised CVSS-based system to improve the dispersion of vulnerability risk scores
    Chensi WU
    Tao WEN
    Yuqing ZHANG
    ScienceChina(InformationSciences), 2019, 62 (03) : 193 - 195
  • [10] A revised CVSS-based system to improve the dispersion of vulnerability risk scores
    Wu, Chensi
    Wen, Tao
    Zhang, Yuqing
    SCIENCE CHINA-INFORMATION SCIENCES, 2019, 62 (03)
12345