Analytical Attack Modeling and Security Assessment based on the Common Vulnerability Scoring System

被引:0
|
作者
Doynikova, Elena [1 ]
Chechulin, Andrey [1 ]
Kotenko, Igor [1 ,2 ]
机构
[1] Russian Acad Sci, SPIIRAS, St Petersburg Inst Informat & Automat, St Petersburg, Russia
[2] St Petersburg Natl Res Univ Informat Technol Mech, St Petersburg, Russia
来源
PROCEEDINGS OF THE 20TH CONFERENCE OF OPEN INNOVATIONS ASSOCIATION (FRUCT 2017) | 2017年
基金
俄罗斯科学基金会;
关键词
D O I
暂无
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
The paper analyzes an approach to the analytical attack modeling and security assessment on the base of the Common Vulnerability Scoring System (CVSS) format, considering different modifications that appeared in the new version of the CVSS specification. The common approach to the analytical attack modeling and security assessment was suggested by the authors earlier. The paper outlines disadvantages of previous CVSS version that influenced negatively on the results of the attack modeling and security assessment. Differences between new and previous CVSS versions are analyzed. Modifications of the approach to the analytical attack modeling and security assessment that follow from the CVSS modifications are suggested. Advantages of the modified approach are described. Case study that illustrates enhanced approach is provided.
引用
收藏
页码:53 / 61
页数:9
相关论文
共 50 条
  • [1] Optimal Cyber Attack Strategy Using Reinforcement Learning Based on Common Vulnerability Scoring System
    Kim, Bum-Sok
    Suk, Hye-Won
    Choi, Yong-Hoon
    Moon, Dae-Sung
    Kim, Min-Suk
    [J]. CMES-COMPUTER MODELING IN ENGINEERING & SCIENCES, 2024, : 1551 - 1574
  • [2] Common vulnerability, scoring system
    Mell, Peter
    Scarfone, Karen
    Romanosky, Sasha
    [J]. IEEE SECURITY & PRIVACY, 2006, 4 (06) : 85 - 89
  • [3] Network Security Node-Edge Scoring System Using Attack Graph Based on Vulnerability Correlation
    Shin, Gun-Yoon
    Hong, Sung-Sam
    Lee, Jung-Sik
    Han, In-Sung
    Kim, Hwa-Kyung
    Oh, Haeng-Rok
    [J]. APPLIED SCIENCES-BASEL, 2022, 12 (14):
  • [4] Improving the Common Vulnerability Scoring System
    Mell, P.
    Scarfone, K.
    [J]. IET INFORMATION SECURITY, 2007, 1 (03) : 119 - 127
  • [5] Automation of Quantifying Security Risk Level on Injection Attacks Based on Common Vulnerability Scoring System Metric
    Kurniawan, Aditya
    Darus, Mohamad Yusof
    Ariffin, Muhammad Azizi Mohd
    Muliono, Yohan
    Pardomuan, Chrisando Ryan
    [J]. PERTANIKA JOURNAL OF SCIENCE AND TECHNOLOGY, 2023, 31 (03): : 1245 - 1265
  • [6] An expert-based investigation of the Common Vulnerability Scoring System
    Holm, Hannes
    Afridi, Khalid Khan
    [J]. COMPUTERS & SECURITY, 2015, 53 : 18 - 30
  • [7] Automotive Cybersecurity Vulnerability Assessment Using the Common Vulnerability Scoring System and Bayesian Network Model
    Wang, Yinghui
    Yu, Bin
    Yu, Haiyang
    Xiao, Lingyun
    Ji, Haojie
    Zhao, Yanan
    [J]. IEEE SYSTEMS JOURNAL, 2023, 17 (02): : 2880 - 2891
  • [8] Designing Utility Functions for Game-Theoretic Cloud Security Assessment: A Case for Using the Common Vulnerability Scoring System
    Maghrabi, Louai
    Pfluegel, Eckhard
    Noorji, Senna Fathima
    [J]. 2016 INTERNATIONAL CONFERENCE ON CYBER SECURITY AND PROTECTION OF DIGITAL SERVICES (CYBER SECURITY), 2016,
  • [9] Security threat probability computation using Markov Chain and Common Vulnerability Scoring System
    Le, Ngoc T.
    Hoang, Doan B.
    [J]. 2018 28TH INTERNATIONAL TELECOMMUNICATION NETWORKS AND APPLICATIONS CONFERENCE (ITNAC), 2018, : 306 - 311
  • [10] Vulnerability Management Models Using a Common Vulnerability Scoring System
    Walkowski, Michal
    Oko, Jacek
    Sujecki, Slawomir
    [J]. APPLIED SCIENCES-BASEL, 2021, 11 (18):
12345