• Corpus ID: 10776918

Analyzing Trends in Vulnerability Classes across CVSS Metrics

@article{Anshu2011AnalyzingTI,
  title={Analyzing Trends in Vulnerability Classes across CVSS Metrics},
  author={Tripathi Anshu and Kumar Singh Umesh},
  journal={International Journal of Computer Applications},
  year={2011},
  volume={36},
  pages={38-44}
}
Rising vulnerability statistics demand multidimensional trend analysis for efficient threat mitigation. Understanding trends aids in early detection of problems and also in planning defense mechanisms. In this regard, this paper presents fine-grained trend analysis on classified vulnerability data provided by NVD, across six CVSS base metrics. Such analysis of vulnerability data according to their type, CIA impact, access vector and access complexity is helpful in identifying most critical class…
Evaluation of severity index of vulnerability categories
TLDR
An algorithm is proposed to evaluate severity index of vulnerability categories focusing on vulnerability characteristics and relative distribution of vulnerability population to develop better risk mitigation strategies.
Quantitative Security Risk Evaluation using CVSS Metrics by Estimation of Frequency and Maturity of Exploit
TLDR
A risk estimation model that uses vulnerability database National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) and the Common Vulnerability Scoring System (CVSS) to estimate a security risk level from vulnerability information as a combination of period of exploitation and frequency of occurrence.
Information Security Assessment by Quantifying Risk Level of Network Vulnerabilities
TLDR
A framework for risk level estimation that uses vulnerability database National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) and the Common Vulnerability Scoring System (CVSS) to measure the frequency of vulnerability exploitation and estimates the security risk level which helps in automated and reasonable security management.
A model for quantitative security measurement and prioritisation of vulnerability mitigation
TLDR
A quantitative security measurement model is proposed that measures security level of hosts in the network by aggregating risk levels of vulnerabilities in a meaningful manner and produces quantitative security metrics that provide rapid and consistent security measurement, hence aid in automated and reasonable security management.
Determination of Security Threat Classes on the basis of Vulnerability Analysis for Automated Countermeasure Selection
TLDR
The authors propose an approach to determine weaknesses of the analyzed system on the basis of its known vulnerabilities for further specification of security threats.
Research on Network Security Risk Assessment Method Based on Bayesian Reasoning
  • Xiangna Li, Mengao Li, Hui Wang
  • Computer Science
    2019 IEEE 9th International Conference on Electronics Information and Emergency Communication (ICEIEC)
  • 2019
TLDR
To accurately assess the vulnerability of computer networks, the paper proposes a BNAG model and vulnerability assessment algorithm, as well as the E-Loop algorithm, which is used for solving the loop problem in the attack graph.
A New Method of Network Risk Assessment Based on Bayesian Model
TLDR
The model designs the quantitative method of attack revenue and attack cost index, introduces the atomic attack efficiency variable, and obtains the prior risk probability of each node in the network, so as to carry out the static evaluation of network risk.
Detection of Weaknesses in Information Systems for Automatic Selection of Security Actions
TLDR
The problem of automation of the process of detecting weaknesses in information systems based on the analysis of its vulnerabilities is solved and the approach proposed by the authors to automatic formation of a set of required security tools for a particular information system is proposed.
Information Security Risk Management with Octave Method and ISO/EIC 27001: 2013 (Case Study: Airlangga University)
TLDR
The results of this research are expected to provide an information security risk management framework, so that the vulnerability and financial loss analysis of each asset can be a risk, and risk mitigation plans on each asset may consider vulnerability and return of investment.

References

Taxonomic analysis of classification schemes in vulnerability databases
  • A. Tripathi, U. Singh
  • Computer Science, Environmental Science
    2011 6th International Conference on Computer Sciences and Convergence Information Technology (ICCIT)
  • 2011
TLDR
The objective is to shape and mature a classification scheme to accelerate research in the quantitative evaluation of risk levels as a measure of system security.
Vulnerability Trends: Measuring Progress
TLDR
This work analyzed data from the National Vulnerability Database (NVD), which provides fine-grained search capabilities of all publicly reported software vulnerabilities since 1997, and identified 41,810 vulnerabilities for more than 20,000 products.
Models of information security trend analysis
TLDR
A framework for conduct of information security trend analyses offers a common ground in which issues may be resolved and a discussion of cautionary factors in the application of this framework is included.
A Trend Analysis of Vulnerabilities
TLDR
It is argued that measuring vulnerability occurrences may have predictive value and that this concept of retrospective metric is an interesting approach to expressing assurance.
Introducing "Insecure IT"
This article introduces "insecure IT", a new department for IT Professional that will cover security weaknesses in IT systems, ranging from desktops to global e-commerce networks. This regular
A Categorization Framework for Common Vulnerabilities and Exposures.
  • In the computer Journal Advance Access published online on May
  • 2009
Common Vulnerabilities and Exposures
    Common Weakness Enumeration