基于漏洞類型的漏洞可利用性量化評估系統(tǒng)
發(fā)布時間:2018-10-09 11:03
【摘要】:準確量化單個漏洞可利用性是解決基于攻擊路徑分析網(wǎng)絡安全態(tài)勢的基礎和關鍵,目前運用最廣泛的漏洞可利用性評估系統(tǒng)是通用漏洞評分系統(tǒng)(common vulnerability scoring system,CVSS).首先利用CVSS對54 331個漏洞的可利用性進行評分,將結果進行統(tǒng)計分析發(fā)現(xiàn)CVSS評分系統(tǒng)存在著評分結果多樣性不足,分數(shù)過于集中等問題.鑒于CVSS的不足,進一步對漏洞可利用性影響要素進行研究,研究發(fā)現(xiàn)漏洞類型能影響可利用性大小.因此將漏洞類型作為評估漏洞可利用性的要素之一,采用層次分析法將其進行量化,基于CVSS上提出一種更為全面的漏洞可利用性量化評估系統(tǒng)(exploitability of vulnerability scoring systems,EOVSS).實驗證明:EOVSS具有良好的多樣性,并能更準確有效地量化評估單個漏洞的可利用性.
[Abstract]:Accurately quantifying the exploitability of a single vulnerability is the basis and key to solve the network security situation analysis based on attack path. The most widely used vulnerability availability assessment system is the universal vulnerability scoring system (common vulnerability scoring system,CVSS). Firstly, CVSS is used to evaluate the exploitability of 54,331 loopholes, and the results are statistically analyzed. It is found that the CVSS scoring system has some problems, such as insufficient diversity of scoring results and excessive concentration of scores. In view of the deficiency of CVSS, the factors affecting vulnerability availability are further studied, and it is found that vulnerability type can influence the availability of vulnerability. Therefore, the type of vulnerability is regarded as one of the key factors to evaluate vulnerability availability, which is quantified by analytic hierarchy process (AHP), and a more comprehensive vulnerability availability evaluation system (exploitability of vulnerability scoring systems,EOVSS) based on CVSS is proposed. Experiments show that: EOVSS has good diversity and can evaluate the exploitability of a single vulnerability more accurately and effectively.
【作者單位】: 綜合業(yè)務網(wǎng)理論及關鍵技術國家重點實驗室(西安電子科技大學);國家計算機網(wǎng)絡入侵防范中心(中國科學院大學);西安電子科技大學數(shù)學與統(tǒng)計學院;
【基金】:國家自然科學基金項目(61572460,61272481) 國家重點研發(fā)計劃項目(2016YFB0800700) 信息安全國家重點實驗室的開放課題(2017-ZD-01) 國家發(fā)改委信息安全專項項目[(2012)1424] 國家111項目(B16037)~~
【分類號】:TP393.08
本文編號:2259100
[Abstract]:Accurately quantifying the exploitability of a single vulnerability is the basis and key to solve the network security situation analysis based on attack path. The most widely used vulnerability availability assessment system is the universal vulnerability scoring system (common vulnerability scoring system,CVSS). Firstly, CVSS is used to evaluate the exploitability of 54,331 loopholes, and the results are statistically analyzed. It is found that the CVSS scoring system has some problems, such as insufficient diversity of scoring results and excessive concentration of scores. In view of the deficiency of CVSS, the factors affecting vulnerability availability are further studied, and it is found that vulnerability type can influence the availability of vulnerability. Therefore, the type of vulnerability is regarded as one of the key factors to evaluate vulnerability availability, which is quantified by analytic hierarchy process (AHP), and a more comprehensive vulnerability availability evaluation system (exploitability of vulnerability scoring systems,EOVSS) based on CVSS is proposed. Experiments show that: EOVSS has good diversity and can evaluate the exploitability of a single vulnerability more accurately and effectively.
【作者單位】: 綜合業(yè)務網(wǎng)理論及關鍵技術國家重點實驗室(西安電子科技大學);國家計算機網(wǎng)絡入侵防范中心(中國科學院大學);西安電子科技大學數(shù)學與統(tǒng)計學院;
【基金】:國家自然科學基金項目(61572460,61272481) 國家重點研發(fā)計劃項目(2016YFB0800700) 信息安全國家重點實驗室的開放課題(2017-ZD-01) 國家發(fā)改委信息安全專項項目[(2012)1424] 國家111項目(B16037)~~
【分類號】:TP393.08
【相似文獻】
相關期刊論文 前1條
1 汪洋;基于Web的信息資源的可利用性[J];合肥聯(lián)合大學學報;2001年03期
相關碩士學位論文 前1條
1 劉平平;基于關聯(lián)關系的漏洞評估技術研究[D];北京郵電大學;2015年
,本文編號:2259100
本文鏈接:http://sikaile.net/guanlilunwen/ydhl/2259100.html
最近更新
教材專著
