An Automatic Approach for Scoring Vulnerabilities in Risk Assessment
Ying-jun Zhang, Peng Liao, Ke-zhen Huang, Yu-ling Liu
Available Online July 2019.
- https://doi.org/10.2991/eee-19.2019.41
- Risk assessment, Vulnerability
- Risk assessment is vital to an information system. Current approaches usually rely on human experts’ experience to give scores to vulnerabilities in the information system and synthesize the scores to form the whole risk score of the system. The experts give such scores by understanding a vulnerability in terms of the difficulty of exploiting it and the impact of its being exploited. However, such scores are mostly dependent on the human’s experience, which makes the results inconsistent when different analysts give the scores. In this paper, we design an approach to give such scores without any need of human experiments. Specifically, we acknowledge a vulnerability, especially the impact of the vulnerability, by searching for it online. From the results, we are able to know its popularity and impacts using machine learning algorithms. To avoid redundant search results, we utilize an n-gram based approach to eliminate them. We also give examples in the evaluation to show how our approach works. Results show that our approach is able to give such scores without any need for human experience, resulting in unbiased scores.
- Open Access
- This is an open access article distributed under the CC BY-NC license.
Cite this article
TY - CONF
AU - Ying-jun Zhang
AU - Peng Liao
AU - Ke-zhen Huang
AU - Yu-ling Liu
PY - 2019/07
DA - 2019/07
TI - An Automatic Approach for Scoring Vulnerabilities in Risk Assessment
BT - 2nd International Conference on Electrical and Electronic Engineering (EEE 2019)
PB - Atlantis Press
SP - 256
EP - 261
SN - 2352-5401
UR - https://doi.org/10.2991/eee-19.2019.41
DO - https://doi.org/10.2991/eee-19.2019.41
ID - Zhang2019/07
ER -