

VRSS: A new system for rating and scoring vulnerabilities
Authors: Qixu Liu, Yuqing Zhang
Affiliation: National Computer Network Intrusion Protection Center, GUCAS, Beijing 100049, PR China; State Key Laboratory of Information Security, GUCAS, Beijing 100049, PR China
Abstract: Vulnerabilities are extremely important for network security. IT management must identify and assess vulnerabilities across many disparate hardware and software platforms to prioritize these vulnerabilities and remediate those that pose the greatest risk. The focus of our research is the comparative analysis of existing vulnerability rating systems, so as to discover their respective advantages and propose a compatible rating framework to unify them. We perform statistical work on the vulnerabilities of three famous vulnerability databases (IBM ISS X-Force, Vupen Security and National Vulnerability Database) and analyze the distribution of vulnerabilities to expose the differences among the vulnerability rating systems. The statistical results show that the distributions of vulnerabilities are not very consistent with the normal distribution. Taking into account all kinds of existing vulnerability rating systems, we propose VRSS for qualitative rating and quantitative scoring of vulnerabilities, which can combine the respective advantages of all kinds of vulnerability rating systems. An experimental study of 33,654 vulnerabilities demonstrates that VRSS works well.
Keywords: Vulnerability; Qualitative rating; Quantitative scoring
This article is indexed in ScienceDirect and other databases.