Proceedings of the 2nd International Conference on Electrical and Electronic Engineering (EEE 2019)

An Automatic Approach for Scoring Vulnerabilities in Risk Assessment

Authors
Ying-jun Zhang, Peng Liao, Ke-zhen Huang, Yu-ling Liu
Corresponding Author
Ying-jun Zhang
Available Online July 2019.
DOI
https://doi.org/10.2991/eee-19.2019.41How to use a DOI?
Keywords
Risk assessment, Vulnerability
Abstract
Risk assessment is vital to an information system. Current approaches usually rely on human experts’ experience to give scores to vulnerabilities in the information system and synthesize the scores to form the whole risk score of the system. The experts give such scores by understanding a vulnerability in terms of the difficulties of exploiting and impacts of being exploited. However, such scores are mostly dependent on the human’s experiences, which makes the results are not consistent when different analysts give the scores. In this paper, we design an approach to give such scores without any need of human experiments. Specifically, we acknowledge a vulnerability, especially the impact of the vulnerability, by searching it online. From the results, we are able to know its popularity and impacts using machine learning algorithms. To avoid the redundant searched results, we utilize an n-gram based approach to eliminate them. We also give examples in the evaluation to show how our approach work. Results show that our approach is able to give such scores without any need on human’s experiences, in the result of giving unbiased scores.
Open Access
This is an open access article distributed under the CC BY-NC license.

Download article (PDF)

Proceedings
2nd International Conference on Electrical and Electronic Engineering (EEE 2019)
Part of series
Advances in Engineering Research
Publication Date
July 2019
ISBN
978-94-6252-754-6
ISSN
2352-5401
DOI
https://doi.org/10.2991/eee-19.2019.41How to use a DOI?
Open Access
This is an open access article distributed under the CC BY-NC license.

Cite this article

TY  - CONF
AU  - Ying-jun Zhang
AU  - Peng Liao
AU  - Ke-zhen Huang
AU  - Yu-ling Liu
PY  - 2019/07
DA  - 2019/07
TI  - An Automatic Approach for Scoring Vulnerabilities in Risk Assessment
BT  - 2nd International Conference on Electrical and Electronic Engineering (EEE 2019)
PB  - Atlantis Press
SP  - 256
EP  - 261
SN  - 2352-5401
UR  - https://doi.org/10.2991/eee-19.2019.41
DO  - https://doi.org/10.2991/eee-19.2019.41
ID  - Zhang2019/07
ER  -