Vulnerability risk assessment method based on CVSS

A basic vulnerability risk assessment technology based on CVSS that solves problems such as not considering relative importance and the duplication and waste of resources, achieving more objective assessment results and improved diversity.

Active Publication Date: 2020-12-01
CIVIL AVIATION UNIV OF CHINA

AI Technical Summary

Problems solved by technology

However, CVSS has its own shortcomings. The weight distribution of its basic evaluation indicators depended too heavily on the subjective experience of experts and scholars when it was formulated, so the measurement standards lack objectivity.
In addition, when computing the basic score of a vulnerability threat, CVSS assigns equal weights to confidentiality impact, integrity impact, and exploitability impact without considering their relative importance, and it cannot clearly distinguish differences in the internal attributes of vulnerabilities with similar scores, which leads to duplication and waste of resources.
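
The score collisions described above can be reproduced with the public CVSS v2 base equations. This is an added example, not part of the patent or the original page; it assumes the page's three impact indicators correspond to the CVSS v2 confidentiality, integrity and availability impact metrics (None / Partial / Complete), and it does not implement the patent's re-weighting method.

```python
from itertools import product
from collections import defaultdict

# Constants from the public CVSS v2 base equations.
IMPACT = {"N": 0.0, "P": 0.275, "C": 0.660}   # None / Partial / Complete
ACCESS_VECTOR = {"L": 0.395, "A": 0.646, "N": 1.0}
ACCESS_COMPLEXITY = {"H": 0.35, "M": 0.61, "L": 0.71}
AUTHENTICATION = {"M": 0.45, "S": 0.56, "N": 0.704}


def base_score(av, ac, au, c, i, a):
    """CVSS v2 base score for one vector, rounded to one decimal."""
    # The three impact terms enter symmetrically: swapping C, I and A
    # never changes the result, which is the equal weighting at issue.
    impact = 10.41 * (1 - (1 - IMPACT[c]) * (1 - IMPACT[i]) * (1 - IMPACT[a]))
    exploitability = 20 * ACCESS_VECTOR[av] * ACCESS_COMPLEXITY[ac] * AUTHENTICATION[au]
    f_impact = 0.0 if impact == 0 else 1.176
    return round((0.6 * impact + 0.4 * exploitability - 1.5) * f_impact, 1)


def score_collisions(av="N", ac="L", au="N"):
    """Group all 27 C/I/A combinations by the base score they receive."""
    groups = defaultdict(list)
    for c, i, a in product("NPC", repeat=3):
        groups[base_score(av, ac, au, c, i, a)].append(f"C:{c}/I:{i}/A:{a}")
    return dict(groups)


if __name__ == "__main__":
    groups = score_collisions()
    print(f"27 impact combinations -> {len(groups)} distinct base scores")
    for score in sorted(groups):
        print(f"{score:>4}: {', '.join(groups[score])}")
```

With the exploitability metrics held fixed, a vulnerability that only discloses data completely and one that only destroys availability completely receive the same score, so the number alone cannot rank them.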

Examples

Embodiment Construction

[0029] The present invention will be further described below in conjunction with the accompanying drawings and specific embodiments, but the following embodiments in no way limit the present invention.

[0030] As shown in Figure 1, the CVSS-based vulnerability risk assessment method provided by the present invention comprises the following steps, carried out in order:

[0031] 1) Stage S01 of collecting vulnerability data in the system and preprocessing the data: randomly select a number of vulnerability records from the vulnerabilities recorded in the NVD vulnerability database in the past three years as data samples, and then, according to the attributes of the three basic evaluation indicators (confidentiality impact, integrity impact and exploitability impact), divide the data of each of the above vulnerabilities into three categories, and calculate the respective proportions and categories of the data of the three attributes of full impact, partial impact, and...

Abstract

The invention provides a basic vulnerability risk assessment method based on CVSS. The method comprises the steps of: S01, preprocessing data; S02, determining the weights of the three basic evaluation indexes and optimizing them; S03, solving the weights of the basic evaluation indexes; S04, calculating a basic evaluation value for every vulnerability threat. Compared with the prior art, the method builds on CVSS evaluation and redesigns the weight distribution method for the basic evaluation indexes: the weights are optimized and distributed according to the relative importance of the basic evaluation indexes, and a grey correlation degree index weight solving method is combined with this weight distribution method. As a result, the evaluation result is more objective, the diversity of the evaluation results is improved, and vulnerability threats can be distinguished conveniently and visually.

Description

Technical field

[0001] The invention belongs to the technical field of system security, in particular to a CVSS-based vulnerability risk assessment method.

Background technique

[0002] In recent years, the number of vulnerabilities in information systems has grown exponentially, and Advanced Persistent Threat (APT) attacks continue to emerge, and they are extremely targeted and concealed. Traditional protection methods represented by technologies such as intrusion detection and firewall are no longer sufficient to deal with these security threats. The vulnerability threat scoring method can rank the vulnerabilities according to the relevant attributes and the degree of harm, and prioritize the more destructive security vulnerabilities to minimize the possible risks caused by the vulnerabilities.

[0003] According to the diversity of scoring results, vulnerability threat scoring is divided into two methods: qualitative assessment and quantitative assessment. The method of...

Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F21/57
CPC: G06F21/577
Inventor: 谢丽霞, 胡立杰, 杨宏宇, 徐伟华
Owner: CIVIL AVIATION UNIV OF CHINA