Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

A security vulnerability threat quantification method based on multi-level impact factors

An impact factor and multi-level technology, applied in the field of network security, can solve the problems of not considering the degree of attention of vulnerabilities, strong subjectivity of evaluation, and inability to reflect the objective threat of vulnerabilities well, so as to avoid deviation and obtain efficiently Effect

Active Publication Date: 2020-12-01
BEIJING INST OF COMP TECH & APPL
View PDF4 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] Therefore, only focusing on the vulnerability itself and the environment without considering the degree of concern about the vulnerability will lead to a decrease in the reference value of the vulnerability score
In addition, the environmental factors in the CVSS system include the modification of the basic factors and the requirements for confidentiality, integrity and availability in a specific environment, but the evaluation is highly subjective and cannot well reflect the objective threat of vulnerabilities

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A security vulnerability threat quantification method based on multi-level impact factors
  • A security vulnerability threat quantification method based on multi-level impact factors
  • A security vulnerability threat quantification method based on multi-level impact factors

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0037] In order to make the purpose, content, and advantages of the present invention clearer, the specific implementation manners of the present invention will be further described in detail below in conjunction with the accompanying drawings and embodiments.

[0038] figure 1 Shown is a schematic diagram of the basic framework of a distributed crawler, such as figure 1 As shown, the distributed crawler includes five functional modules: crawling module 2, parsing module 3, verification module 6, merging module 5 and transformation module 7. Crawling module 2 generates a list to be crawled according to the website list 4 in the URL library 11, and then sends the list segmentation to the crawler node to crawl the webpage; Parse, save the external chain address parsed in the external chain URL library 14; verification module 6 is to verify that the link in the external chain URL library 14 ensures that the address that has been visited is removed; the merging module is to link ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a multilayer impact factor-based security vulnerability threat quantification method. The method comprises the following steps of: 1, determining a website to be crawled, crawling website data and processing the website data to obtain content related to heat assessment; 2, processing the crawled website data, carrying out heat assessment and correcting the score of a CVSS basic factor through a formula 1: ScoreBase=min [(ScoreBasc+ScoreConcerned), 8] (Formula 1), ScoreSconcerned=5*Publish*Click*Transmit (Formula2), wherein ScoreConcerned is a heat score, ScoreBasc is a basic score, Publish is a publish frequency, Click is a click frequency and Transmit is a transmit frequency; 3, carrying out asset assessment; and 4, fusing an asset assessment result obtained in the step 3 with a CVSS basic score by referring to a CVSS algorithm so as to obtain a final hole score, and substituting the final hole score into a CVSS assessment algorithm to obtain a final hole score.

Description

technical field [0001] The invention belongs to the technical field of network security, and designs a security loophole threat quantification method based on multi-level impact factors. Background technique [0002] The wide application of information technology and the rapid development of cyberspace have greatly promoted the prosperity and progress of society. However, in the process of informatization development, information security issues have become increasingly prominent. And destruction opens the door to convenience. In order to prevent problems before they happen, quantitative analysis of security vulnerabilities in advance, and taking corresponding protective measures according to the degree of harm of security vulnerabilities can effectively reduce asset losses. [0003] Quantitative analysis of security vulnerabilities is to comprehensively consider the security vulnerabilities themselves, occurrence conditions, scope of occurrence, and the degree of damage to...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): G06F21/57
CPCG06F21/577
Inventor 贾琼温泉吴明杰王斌陈志浩于石林常承伟毛利旻达小文
Owner BEIJING INST OF COMP TECH & APPL
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products