An automated vulnerability quantitative assessment method and system

A vulnerability quantitative assessment technology, applied in the field of information security. It addresses the problems that vulnerabilities are at first difficult to exploit, that the risk value increases over time, and that the CVSS score is difficult to update in time, and it achieves the effect of simplifying the scoring steps and reducing the impact of subjective factors.

Active Publication Date: 2022-03-04
NANJING NARI GROUP CORP +4

AI Technical Summary

Problems solved by technology

For example, when a vulnerability has just been announced, it is more difficult to exploit. However, as time passes, more and more details of the vulnerability are discussed and analyzed on the Internet, and the steps for exploiting it are described in detail, so exploiting the vulnerability becomes much easier, the possibility of it being used in an attack increases, and the risk value rises. The risk profile of the system therefore changes over time, and it is difficult to update the CVSS score in time.


Examples


Embodiment Construction

[0026] As shown in Figure 1, this technique is a method for automated risk quantification of system vulnerabilities. The specific implementation is as follows:

[0027] 1) Data preprocessing

[0028] First, conduct an online search for a system vulnerability and collect the relevant results. The results usually contain many web pages, and similar web pages need to be clustered as well. For example, a search for information on the vulnerability CVE-2019-9601 returns 120 web pages, some of which are simply forwarded copies. The repeated results therefore need to be deleted to obtain the number of distinct web pages.

[0029] To delete duplicate web pages, it is necessary to compare their similarity, using the N-Gram similarity comparison method. For each web page, decompose the content into sequences of n words, then calculate the hash value of each sequence of n words. For each web page, a series of hash values can thus be obtained. Therefore, by calc...
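The n-gram de-duplication step in [0029], as an added example that is not code from the patent: each page is split into overlapping n-word sequences, each sequence is hashed, and pages are compared by the overlap of their hash sets. The source text is cut off before it states the comparison, so the Jaccard measure, the 0.8 threshold, n = 3, the truncated SHA-1 hash and the sample pages are all assumptions.

```python
import hashlib
import re


def shingle_hashes(text, n=3):
    """Split text into overlapping n-word sequences and hash each one."""
    words = re.findall(r"\w+", text.lower())
    if len(words) < n:
        grams = [" ".join(words)] if words else []
    else:
        grams = [" ".join(words[i:i + n]) for i in range(len(words) - n + 1)]
    # Truncated SHA-1 gives a stable 64-bit fingerprint (assumed hash choice).
    return {int.from_bytes(hashlib.sha1(g.encode()).digest()[:8], "big")
            for g in grams}


def similarity(a, b):
    """Jaccard overlap of two hash sets (assumed comparison measure)."""
    if not a and not b:
        return 1.0
    return len(a & b) / len(a | b)


def distinct_pages(pages, n=3, threshold=0.8):
    """Return the indices of pages kept after dropping near-duplicates."""
    kept, kept_hashes = [], []
    for idx, text in enumerate(pages):
        hashes = shingle_hashes(text, n)
        # Keep a page only if it is dissimilar to every page kept so far.
        if all(similarity(hashes, k) < threshold for k in kept_hashes):
            kept.append(idx)
            kept_hashes.append(hashes)
    return kept


# Constructed sample search results: pages 1 and 3 are forwarded copies.
SAMPLE_PAGES = [
    "A buffer overflow in the parser lets a crafted file crash the service "
    "and the vendor has released a patch",
    "Reposted: A buffer overflow in the parser lets a crafted file crash "
    "the service, and the vendor has released a patch.",
    "Proof of concept code for the parser bug is now public and scanning "
    "activity has increased",
    "PROOF OF CONCEPT CODE FOR THE PARSER BUG IS NOW PUBLIC AND SCANNING "
    "ACTIVITY HAS INCREASED",
]

if __name__ == "__main__":
    kept = distinct_pages(SAMPLE_PAGES)
    print(f"{len(kept)} distinct pages out of {len(SAMPLE_PAGES)}: {kept}")
```

The count of distinct pages, rather than the raw hit count, is what the method carries forward from this step.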


Abstract

The present invention provides an automated vulnerability quantitative assessment method and system. By studying existing risk assessment information, extracting key features, and combining artificial intelligence related algorithms for automated quantitative risk analysis, it objectively reflects the size of a vulnerability's impact, simplifies the scoring factors, and addresses the effect of time on risk assessment. The invention has the advantages of learning the CVSS scoring and combining it with the objective results of network searches to obtain the vulnerability evaluation value automatically, simplifying the scoring steps and reducing the influence of subjective factors on the evaluation results.

Description

Technical field

[0001] The present invention mainly relates to the technical field of information security, and more precisely relates to an automatic vulnerability quantitative assessment method and system.

Background technique

[0002] Currently, information systems require risk assessment to identify and analyze potential security threats. Risk assessment is an assessment of the threats, weaknesses, impacts, and the possibility of risks brought about by the combined effects of the information system-related assets. Risk assessment mainly includes three aspects: assets, threats and vulnerabilities.

[0003] Vulnerabilities are the weaknesses of assets in a network or system that can be exploited by threats. Vulnerabilities are also called loopholes. There are many types and quantities of vulnerabilities. Risk assessment is largely based on the scoring of threats posed by system-related vulnerabilities (i.e. vulnerabilities). At present, there are various standards for vul...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L9/40, H04L67/02, G06N20/00, G06K9/62
CPC: H04L63/1433, G06N20/00, G06F18/23
Inventor: 张颖君, 杨维永, 黄克振, 唐云善, 廖鹏, 连一峰
Owner: NANJING NARI GROUP CORP