Automatic vulnerability quantitative evaluation method and system

A quantitative vulnerability assessment technology, applied in the field of information security, that can solve problems such as increased risk value, difficulty in updating CVSS scoring in a timely manner, and difficulty in exploiting vulnerabilities, and achieve the effect of simplifying the scoring steps and reducing the impact

Active Publication Date: 2020-02-18
NANJING NARI GROUP CORP +4
Cites: 8; Cited by: 3

AI Technical Summary

Problems solved by technology

For example, when a vulnerability has just been announced, it is more difficult to exploit. However, as time passes, more and more details of the vulnerability are discussed and analyzed on the Internet, and the steps for exploiting it are described in detail, so exploiting the vulnerability becomes much easier, the possibility of this vulnerability being used in an attack increases, and the risk value increases. Therefore, the risk profile of the system changes over time, and it is difficult to update the CVSS score in time.

Examples

Embodiment Construction

[0026] As shown in Figure 1, this technique is a method for automated risk quantification of system vulnerabilities. The specific implementation is as follows:

[0027] 1) Data preprocessing

[0028] First, conduct an online search for a system vulnerability and collect the relevant results. The results usually contain many web pages, and similar pages need to be clustered. For example, a search for information on the vulnerability CVE-2019-9601 returns 120 web pages, some of which are simply reposts. Therefore, the repeated results need to be deleted to obtain the number of distinct web pages.

[0029] To delete duplicate web pages, their similarity must be compared. Use the N-Gram similarity comparison method. For each web page, decompose the content into groups of n words, then calculate the hash value of each group of n words. A series of hash values is thereby obtained for each web page. Therefore, by calcula...
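The deduplication step of [0028] and [0029], as an added example that is not code from the patent: each page is split into word n-grams, each n-gram is hashed, and pages whose hash sets overlap heavily are counted once. The page text is cut off before it says how the hash series are compared, so the Jaccard overlap, the 0.8 threshold, n = 3 and all function names here are assumptions, and the sample pages are constructed.

```python
import hashlib
import re

def shingle_hashes(text, n=3):
    """Split a page into word n-grams and return the set of their hashes."""
    words = re.findall(r"\w+", text.lower())
    if not words:
        return set()
    # A page shorter than n words is treated as a single gram.
    grams = [" ".join(words[i:i + n]) for i in range(max(1, len(words) - n + 1))]
    return {hashlib.sha256(g.encode("utf-8")).hexdigest()[:16] for g in grams}

def jaccard(a, b):
    """Assumed similarity measure: shared hashes / all hashes."""
    if not a and not b:
        return 1.0
    return len(a & b) / len(a | b)

def distinct_pages(pages, n=3, threshold=0.8):
    """Return indices of pages kept after dropping reposts and near-copies."""
    kept = []  # (index, hash set) of each page accepted so far
    for idx, text in enumerate(pages):
        hashes = shingle_hashes(text, n)
        if all(jaccard(hashes, seen) < threshold for _, seen in kept):
            kept.append((idx, hashes))
    return [idx for idx, _ in kept]

# Constructed search results for a placeholder vulnerability (not real pages).
BASE = ("A flaw in the example parser allows a crafted request to crash the "
        "service and researchers have published a detailed analysis")
SAMPLE_PAGES = [
    BASE,
    "Reposted: " + BASE,
    BASE,
    "Vendor advisory lists affected versions and recommends upgrading to the "
    "fixed release as soon as possible",
    "Our team confirmed that a crafted request to crash the service is "
    "blocked by the updated filter rules",
]

if __name__ == "__main__":
    kept = distinct_pages(SAMPLE_PAGES)
    print(f"{len(SAMPLE_PAGES)} results, {len(kept)} distinct pages: {kept}")
```

The fifth sample page quotes a phrase from the first but stays below the threshold, so a write-up that merely cites another page is still counted as a distinct source.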

Abstract

The invention provides an automatic vulnerability quantitative evaluation method and system. According to the risk evaluation method, existing risk evaluation information is researched, key features are extracted, automatic risk quantitative analysis is carried out in combination with an artificial intelligence related algorithm, the influence degree of vulnerability is objectively reflected, scoring factors are simplified, and the influence on risk evaluation along with time changes is avoided. The method has the advantages that the CVSS score is learned and combined with the objective result of network search, the vulnerability evaluation value is automatically obtained, the scoring step is simplified, and the influence of subjective factors on the evaluation result is reduced.

Description

Technical field

[0001] The present invention mainly relates to the technical field of information security, and more precisely relates to an automatic vulnerability quantitative assessment method and system.

Background technique

[0002] Currently, information systems require risk assessment to identify and analyze potential security threats. Risk assessment is an assessment of the threats, weaknesses, impacts, and the possibility of risks brought about by the combined effects of the information system-related assets. Risk assessment mainly includes three aspects: assets, threats and vulnerabilities.

[0003] Vulnerabilities are the weaknesses of assets in a network or system that can be exploited by threats. Vulnerabilities are also called loopholes. There are many types and quantities of vulnerabilities. Risk assessment is largely based on the scoring of threats posed by system-related vulnerabilities (i.e., vulnerabilities). At present, there are various standards for vul...

Application Information

IPC(8): H04L29/06, G06N20/00, G06K9/62
CPC: H04L63/1433, G06N20/00, G06F18/23
Inventor: 张颖君, 杨维永, 黄克振, 唐云善, 廖鹏, 连一峰
Owner: NANJING NARI GROUP CORP