Dynamic Risk Assessment System for the Vulnerability Scoring
Author(s):
Article Type:
Research/Original Article (accredited rank)
Abstract:
One of the key factors that endangers network security is software vulnerabilities. The increasing rate at which vulnerabilities emerge is therefore a critical challenge in security management. Organizations also constantly face the problem of limited budgets. Therefore, to harden the network in a cost-effective manner, quantitative vulnerability assessment to find the most critical vulnerabilities is vital. The most prominent vulnerability scoring system is CVSS (Common Vulnerability Scoring System), which ranks vulnerabilities based on their intrinsic characteristics. But in CVSS, temporal features, or the effect of existing patches and exploit tools, are ignored in estimating the risk of vulnerabilities. So, CVSS scores are not accurate. Another deficiency of CVSS that limits its application in real networks is that it uses only a small set of scores to discriminate among a large number of vulnerabilities. To address these difficulties with existing scoring systems, some security metrics are defined here that rank vulnerabilities by considering their temporal features alongside their intrinsic ones. Also, with the aim of improving score diversity in CVSS, a new method is proposed for estimating the impact of vulnerability exploitation on the security parameters of the network. Performing risk assessment by considering the type of attacker that most endangers network security is another novelty of this paper.
Keywords:
CVSS, Risk, Vulnerability, Impact, Network Hardening, Security Metric, exploit, patch
Language:
English
Published:
International Journal Information and Communication Technology Research, Volume:9 Issue: 4, Autumn 2017
Pages:
57 to 68
magiran.com/p1861515