Support for the Vulnerability Management Process Using Conversion CVSS Base Score 2.0 to 3.x-Reference-Cited by-同舟云学术

Support for the Vulnerability Management Process Using Conversion CVSS Base Score 2.0 to 3.x

Published:2023-02-06 Issue:4 Volume:23 Page:1802
ISSN:1424-8220
Container-title:Sensors
language:en
Short-container-title:Sensors

Author:

Nowak Maciej Roman¹^ORCID,Walkowski Michał¹^ORCID,Sujecki Sławomir¹^ORCID

Affiliation:

1. Department of Telecommunications and Teleinformatics, Wroclaw University of Science and Technology, 50-370 Wroclaw, Poland

Abstract

COVID-19 forced a number of changes in many areas of life, which resulted in an increase in human activity in cyberspace. Furthermore, the number of cyberattacks has increased. In such circumstances, detection, accurate prioritisation, and timely removal of critical vulnerabilities is of key importance for ensuring the security of various organisations. One of the most-commonly used vulnerability assessment standards is the Common Vulnerability Scoring System (CVSS), which allows for assessing the degree of vulnerability criticality on a scale from 0 to 10. Unfortunately, not all detected vulnerabilities have defined CVSS base scores, or if they do, they are not always expressed using the latest standard (CVSS 3.x). In this work, we propose using machine learning algorithms to convert the CVSS vector from Version 2.0 to 3.x. We discuss in detail the individual steps of the conversion procedure, starting from data acquisition using vulnerability databases and Natural Language Processing (NLP) algorithms, to the vector mapping process based on the optimisation of ML algorithm parameters, and finally, the application of machine learning to calculate the CVSS 3.x vector components. The calculated example results showed the effectiveness of the proposed method for the conversion of the CVSS 2.0 vector to the CVSS 3.x standard.

Funder

Wrocław University of Science and Technology

Publisher

MDPI AG

Subject

Electrical and Electronic Engineering,Biochemistry,Instrumentation,Atomic and Molecular Physics, and Optics,Analytical Chemistry

Link

https://www.mdpi.com/1424-8220/23/4/1802/pdf

Reference40 articles.

1. Lohrmann, D., and Lohrmann, D. (2023, January 28). The Year the COVID-19 Crisis Brought a Cyber Pandemic. Government Technology Website, Available online: https://www.govtech.com/blogs/lohrmann-on-cybersecurity/2020-the-year-the-covid-19-crisis-brought-a-cyber-pandemic.html.

2. Fichtenkamm, M., Burch, G.F., and Burch, J. (2023, January 23). ISACA JOURNAL Cybersecurity in a COVID-19 World: Insights on How Decisions Are Made. Available online: https://www.isaca.org/resources/isaca-journal/issues/2022/volume-2/cybersecurity-in-a-covid-19-world.

3. Scarfone, K., Greene, J.E., and Souppaya, M. (2023, January 28). Security for Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Solutions, Available online: https://csrc.nist.gov/CSRC/media/Publications/Shared/documents/itl-bulletin/itlbul2020-03.pdf.

4. SkyboxR Research Lab (2023, January 28). Vulnerability and Threat Trends; Technical Report 2022. Available online: https://www.skyboxsecurity.com/wp-content/uploads/2022/04/skyboxsecurity-vulnerability-threat-trends-report-2022_041122.pdf.

5. IBM (2023, January 28). Cost of a Data Breach Report 2019. Available online: https://www.ibm.com/downloads/cas/RDEQK07R.

Cited by 2 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. AI Driven IoT Healthcare Devices Security Vulnerability Management;2024 2nd International Conference on Disruptive Technologies (ICDT);2024-03-15

2. Comparative Analysis of Open-Source Tools for Conducting Static Code Analysis;Sensors;2023-09-19