30 results about "CVSS" patented technology

An enterprise vulnerability management application (EVMA), enterprise vulnerability management process (EVMP) and system. In one embodiment, the EVMP may include executing computer software code on at least one computer hardware platform to receive login information from a user, inventory current information technology assets of the enterprise, conduct vulnerability scanning of the inventoried information technology assets, analyze vulnerability correlation and prioritization of the information technology assets, remediate one or more vulnerabilities of the information technology assets, and report to the user about the vulnerabilities and remediation undertaken. As part of the analysis, one or more vulnerability scores such as, for example, Common Vulnerability Scoring System (CVSS) scores, may be generated from base score metrics, temporal score metrics and environment score metrics.

A method for risk analysis using information asset modeling. The method has the steps of: (a) identifying an information asset which uses or provides a network service; (b) identifying a threat on the information asset through a computer network; (c) identifying a vulnerability of the information asset; (d) calculating an AL (attack likelihood) by using a CVSS (Common Vulnerability Scoring System) score obtained by converting a severity caused by a success of an attack on the vulnerability into a standardized value; (e) computing the value of the information asset so as to calculate an IM (impact analysis); and (f) multiplying the calculated AL and IM so as to determine an RL (risk level) for the information asset.

The invention provides a loophole risk basic evaluation method based on a CVSS. The method comprises the steps of S01, preprocessing data; S02, determining weights of the three basic evaluation indexes, and conducting optimization; S03, solving the weights of the basic evaluation indexes; S04, calculating a basic evaluation estimation value of every loophole threat. Compared with the prior art, according to the loophole risk basic evaluation method based on the CVSS, on the basis of CVSS evaluation, a basic evaluation estimation index weight distribution method is redesigned, according to the relative importance of the basic evaluation indexes, the weights of the basic evaluation indexes are optimized and distributed, a grey correlation degree index weight solving method is combined with the basic evaluation estimation index weight distribution method, so that the evaluation result is more objective, the diversity of the evaluation result is improved, and the loophole threat is conveniently and visually distinguished.

The invention discloses a security baseline assessment method based on a SCAP. The security baseline assessment method based on the SCAP comprises the first step of asset identification, wherein rules are named through CPE for an assessed object, and the basic management foundation is provided for each assessment item, the second step of CVE, wherein CVE is carried out on the target object whose asset is assessed by using OVAL; the third step of CCE, wherein the security configuration of the asset is inspected by using an XCCDF, the fourth step of security scoring, wherein the security level of the asset is scored through a CVSS, and the fifth step of state baseline monitoring, wherein state baseline monitoring is carried out on the assessed target object reaching an established security baseline. By means of the security baseline assessment method based on the SCAP, the work of CVE, patch management and the like can be combined, and state baseline monitoring can be carried out on the assessed target object.

The invention discloses a method for generating an attack path and an attack graph based on multiple dimensions, and belongs to the technical field of network security. According to the method, vulnerability entry samples are collected, a vulnerability knowledge base is established, and a front permission and a rear permission are marked for each vulnerability entry sample; features, including vulnerability description text features and CVSS index features, of each vulnerability entry sample in the vulnerability knowledge base are extracted; text preprocessing is performed on the vulnerabilitydescription text features; an attack mode is defined by using a triple < the prepositive authority, the postpositive authority and the vulnerability entry >; an attack mode knowledge base is constructed; for the target industrial control network, an attack graph is generated by adopting a breadth-first forward attack graph generation algorithm based on an attack graph optimization strategy. The multi-dimensional attack paths and the high-dimensional attack graphs corresponding to various attack modes are generated by analyzing the environment attributes of different terminals, the attack graph generation process is optimized, and the attack graph generation efficiency is improved.

A technology solution for remediating a cyberattack risk in a computing resource asset in a network system. The technology solution includes monitoring data traffic directed to the computing resource asset in the network system along with data traffic to one or more additional computing resource assets in the network system, generating network utilization data based on the monitored data traffic to the computing resource asset and the monitored data traffic to the one or more additional computing resource assets in the network system, receiving a common vulnerability score (CVSS) for a vulnerability in the computing resource asset, determining a network traffic adjustment (NTA) value for the common vulnerability score (CVSS) based on the network utilization data, adjusting the common vulnerability score (CVSS) by the network traffic adjustment (NTA) value to generate a prioritized common vulnerability score (PCVSS) for the computing resource asset, and remediating the computing resource asset to resolve the vulnerability based on the prioritized common vulnerability (PCVSS) score.

The invention relates to an unknown vulnerability risk assessment method based on text analysis, and belongs to the technical field of network unknown vulnerability risk assessment, and the method comprises the steps: taking an American national vulnerability database and an NVD as sample data sources, and obtaining an existing vulnerability text description; performing text analysis on the samplevulnerability text description, and extracting a vector matrix; establishing a classification model by utilizing the extracted vector matrix and the corresponding CVSS score; and when risk assessmentis carried out on any vulnerability which is not scored, carrying out the step 2 firstly to obtain a corresponding vector matrix, and then inputting the corresponding vector matrix into the classification model obtained in the step 3 to obtain a vulnerability risk level. For vulnerabilities which do not exist in an existing vulnerability library, the risk levels of the vulnerabilities are automatically evaluated according to the vulnerability text description of the vulnerabilities, and the method is not limited to vulnerability library data any more. The automatic risk level assessment is helpful for the computer user to determine the severity of the vulnerability according to the vulnerability description, and provides a basis for the processing and sorting of the user.

The invention relates to an industrial control system-oriented vulnerability priority analysis method, system and device and a storage medium, which are characterized in that scene and vulnerability information obtained by detecting and scanning is combined with a PoC to give a scene-combined vulnerability availability measure, and then based on a CVSS framework, the measure value is combined with a CVSS score in a vulnerability report to give a vulnerability priority score. According to the method, the deviation caused by the fact that only attributes of vulnerabilities are considered in the CVSS scoring in the industrial control system is relieved. According to the system, the pressure of vulnerability verification under the industrial control system is effectively relieved, the vulnerability priority score under the scene where the vulnerability is located is efficiently and automatically given based on the CVSS, and meanwhile, the recommended PoC is provided to facilitate next verification.

The invention discloses a network vulnerability assessment method based on zero-day attack graph. First it is assumed that all services on a host in a network contain a zero-day vulnerability, a zero-day attack graph is generated through logical reasoning of a given pattern, and then the attack cost for utilizing the zero-day vulnerability to attack is quantified based on a vulnerability scanningtechnology and CVSS vulnerability scoring system, and finally, a network centrality theory is utilized to make an analysis to obtain the key vulnerabilities in the network. All possible unknown vulnerabilities in the network are fully considered while known vulnerabilities are dealt with, so that the assessment method has the capability of dealing with unknown vulnerabilities, can discover potential network vulnerabilities through logical reasoning, and assess the security of the current network, thereby providing a reference basis for further network security protection, and improving the security, reliability and availability of the network.

The invention discloses a multilayer impact factor-based security vulnerability threat quantification method. The method comprises the following steps of: 1, determining a website to be crawled, crawling website data and processing the website data to obtain content related to heat assessment; 2, processing the crawled website data, carrying out heat assessment and correcting the score of a CVSS basic factor through a formula 1: ScoreBase=min [(ScoreBasc+ScoreConcerned), 8] (Formula 1), ScoreSconcerned=5*Publish*Click*Transmit (Formula2), wherein ScoreConcerned is a heat score, ScoreBasc is a basic score, Publish is a publish frequency, Click is a click frequency and Transmit is a transmit frequency; 3, carrying out asset assessment; and 4, fusing an asset assessment result obtained in the step 3 with a CVSS basic score by referring to a CVSS algorithm so as to obtain a final hole score, and substituting the final hole score into a CVSS assessment algorithm to obtain a final hole score.

The invention discloses a risk-based vulnerability threat degree dynamic calculation method which specifically comprises the following steps: S1, directionally collecting vulnerability data in an NVDand CVE vulnerability database by adopting a crawler engine, carrying out timed incremental updating, taking the vulnerability data as a basic vulnerability database, and carrying out dissociation processing by taking a utilization mode and a CVSS score of the basic vulnerability database as classification directions to obtain a dissociated vulnerability database. The invention relates to the technical field of vulnerability risk level evaluation. Compared with a vulnerability rating standard in a general vulnerability scoring system, the risk-based vulnerability threat degree dynamic calculation method has the advantages that the RTS scoring mode judges the threat degree of the vulnerability according to the standard of 0-3000 scores, so that the threat degree of each vulnerability can bejudged more meticulously; The traditional high, medium and low levels are no longer used as the unique measurement standard of the vulnerability hazard degree.

The invention discloses a multi-dimensional software security risk assessment method based on CVSS. The problem that a CVSS measurement assessment standard cannot accurately and comprehensively evaluate vulnerability risk levels is solved. The method comprises the following implementation steps: acquiring software vulnerability data; analyzing vulnerability data and integrating into a data set; readjusting the weight of the relative importance measurement index; optimizing a distribution scheme of the measurement indexes in the influence; adding vulnerability type measurement indexes; adding utilization time probability measurement in the risk score; obtaining a risk assessment result by using the risk assessment formula. Relative importance weight distribution is carried out on measurement indexes in influence, vulnerability measurement indexes are added in availability measurement, and time utilization probabilities are added in risk scores. Compared with a traditional evaluation method, the method has more accurate scoring standards, more comprehensive evaluation factors and more dimensional evaluation results. The method is used for risk assessment of software vulnerabilities.

The invention discloses an AADL-based automatic generation method of an attack defense tree. The method comprises the following steps: modeling an information physical fusion system by adopting an AADL model; determining vulnerabilities of each component of the cyber-physical fusion system, and tracking and determining an attack path; selecting a final attack target of the system according to the attack path; taking the AADL model and an attack target as input, and obtaining an attack defense tree through a template library; and calculating the attack defense tree to obtain a minimum defense measure, performing quantitative evaluation on an attack probability value and a defense cost by combining a Bayesian network and a CVSS score value, and calculating a risk value of the system. The problems that a complex system is difficult to model, and risk vulnerabilities in the system are difficult to determine, track and solve, including the influence of network attacks on a physical system and an information system, are solved.

The embodiment of the invention provides a network risk sensing method and a network risk defense method. The network risk sensing method comprises the following steps: aggregating alarm data collected by an IDS to obtain a simplified alarm set; performing association analysis on the simplified alarm set to obtain a completed attack chain; matching the completed attack chain with a complete attack chain in a matching attack mode knowledge base, and calculating the threat degree of the completed attack chain; performing vulnerability scanning on a host, and querying a CVSS vulnerability score of the host; and performing open port scanning on the host, and calculating an open port attack utilization rate. The network risk defense method comprises: defending the host according to a CVSS vulnerability score in combination with the threat degree of the completed attack chain and the open port attack utilization rate. According to the method provided by the invention, multi-dimensional data is fused to carry out threat sensing, and state evaluation is carried out in combination with a scoring result, so that the accuracy of defense implementation is ensured, defense can be automatically completed, and manual decision is not needed.