Loophole risk basic evaluation method based on CVSS

A vulnerability and basic technology, applied in the field of vulnerability risk basic assessment based on CVSS, can solve the problems of not considering relative importance, duplication of resources, lack of objectivity of measurement standards, etc., to achieve more objective assessment results and improve diversity. Effect
CN107220549AActive Publication Date: 2017-09-29CIVIL AVIATION UNIV OF CHINA
7 Cites 15 Cited by

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
CIVIL AVIATION UNIV OF CHINA
Publication Date
2017-09-29

Smart Images

  • Figure 1
    Figure 1
  • Figure 2
    Figure 2
  • Figure 3
    Figure 3
Patent Text Reader

Abstract

The invention provides a loophole risk basic evaluation method based on a CVSS. The method comprises the steps of S01, preprocessing data; S02, determining weights of the three basic evaluation indexes, and conducting optimization; S03, solving the weights of the basic evaluation indexes; S04, calculating a basic evaluation estimation value of every loophole threat. Compared with the prior art, according to the loophole risk basic evaluation method based on the CVSS, on the basis of CVSS evaluation, a basic evaluation estimation index weight distribution method is redesigned, according to the relative importance of the basic evaluation indexes, the weights of the basic evaluation indexes are optimized and distributed, a grey correlation degree index weight solving method is combined with the basic evaluation estimation index weight distribution method, so that the evaluation result is more objective, the diversity of the evaluation result is improved, and the loophole threat is conveniently and visually distinguished.
Need to check novelty before this filing date? Find Prior Art

Description

technical field

[0001] The invention belongs to the technical field of system security, in particular to a CVSS-based vulnerability risk assessment method. Background technique

[0002] In recent years, the number of vulnerabilities in information systems has grown exponentially, and Advanced Persistent Threat (APT) attacks continue to emerge, and they are extremely targeted and concealed. Traditional protection methods represented by technologies such as intrusion detection and firewall are no longer sufficient to deal with these security threats. The vulnerability threat scoring method can rank the vulnerabilities according to the relevant attributes and the degree of harm, and prioritize the more destructive security vulnerabilities to minimize the possible risks caused by the vulnerabilities.

[0003] According to the diversity of scoring results, vulnerability threat scoring is divided into two methods: qualitative assessment and quantitative assessment. The method of...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More