Cargando…
Support for the Vulnerability Management Process Using Conversion CVSS Base Score 2.0 to 3.x
COVID-19 forced a number of changes in many areas of life, which resulted in an increase in human activity in cyberspace. Furthermore, the number of cyberattacks has increased. In such circumstances, detection, accurate prioritisation, and timely removal of critical vulnerabilities is of key importa...
| Autores principales: | , , |
|---|---|
| Formato: | Online Artículo Texto |
| Lenguaje: | English |
| Publicado: |
MDPI
2023
|
| Materias: | |
| Acceso en línea: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC9960370/ https://www.ncbi.nlm.nih.gov/pubmed/36850400 http://dx.doi.org/10.3390/s23041802 |
| _version_ | 1784895497957277696 |
|---|---|
| author | Nowak, Maciej Roman Walkowski, Michał Sujecki, Sławomir |
| author_facet | Nowak, Maciej Roman Walkowski, Michał Sujecki, Sławomir |
| author_sort | Nowak, Maciej Roman |
| collection | PubMed |
| description | COVID-19 forced a number of changes in many areas of life, which resulted in an increase in human activity in cyberspace. Furthermore, the number of cyberattacks has increased. In such circumstances, detection, accurate prioritisation, and timely removal of critical vulnerabilities is of key importance for ensuring the security of various organisations. One of the most-commonly used vulnerability assessment standards is the Common Vulnerability Scoring System (CVSS), which allows for assessing the degree of vulnerability criticality on a scale from 0 to 10. Unfortunately, not all detected vulnerabilities have defined CVSS base scores, or if they do, they are not always expressed using the latest standard (CVSS 3.x). In this work, we propose using machine learning algorithms to convert the CVSS vector from Version 2.0 to 3.x. We discuss in detail the individual steps of the conversion procedure, starting from data acquisition using vulnerability databases and Natural Language Processing (NLP) algorithms, to the vector mapping process based on the optimisation of ML algorithm parameters, and finally, the application of machine learning to calculate the CVSS 3.x vector components. The calculated example results showed the effectiveness of the proposed method for the conversion of the CVSS 2.0 vector to the CVSS 3.x standard. |
| format | Online Article Text |
| id | pubmed-9960370 |
| institution | National Center for Biotechnology Information |
| language | English |
| publishDate | 2023 |
| publisher | MDPI |
| record_format | MEDLINE/PubMed |
| spelling | pubmed-99603702023-02-26 Support for the Vulnerability Management Process Using Conversion CVSS Base Score 2.0 to 3.x Nowak, Maciej Roman Walkowski, Michał Sujecki, Sławomir Sensors (Basel) Article COVID-19 forced a number of changes in many areas of life, which resulted in an increase in human activity in cyberspace. Furthermore, the number of cyberattacks has increased. In such circumstances, detection, accurate prioritisation, and timely removal of critical vulnerabilities is of key importance for ensuring the security of various organisations. One of the most-commonly used vulnerability assessment standards is the Common Vulnerability Scoring System (CVSS), which allows for assessing the degree of vulnerability criticality on a scale from 0 to 10. Unfortunately, not all detected vulnerabilities have defined CVSS base scores, or if they do, they are not always expressed using the latest standard (CVSS 3.x). In this work, we propose using machine learning algorithms to convert the CVSS vector from Version 2.0 to 3.x. We discuss in detail the individual steps of the conversion procedure, starting from data acquisition using vulnerability databases and Natural Language Processing (NLP) algorithms, to the vector mapping process based on the optimisation of ML algorithm parameters, and finally, the application of machine learning to calculate the CVSS 3.x vector components. The calculated example results showed the effectiveness of the proposed method for the conversion of the CVSS 2.0 vector to the CVSS 3.x standard. MDPI 2023-02-06 /pmc/articles/PMC9960370/ /pubmed/36850400 http://dx.doi.org/10.3390/s23041802 Text en © 2023 by the authors. https://creativecommons.org/licenses/by/4.0/Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/). |
| spellingShingle | Article Nowak, Maciej Roman Walkowski, Michał Sujecki, Sławomir Support for the Vulnerability Management Process Using Conversion CVSS Base Score 2.0 to 3.x |
| title | Support for the Vulnerability Management Process Using Conversion CVSS Base Score 2.0 to 3.x |
| title_full | Support for the Vulnerability Management Process Using Conversion CVSS Base Score 2.0 to 3.x |
| title_fullStr | Support for the Vulnerability Management Process Using Conversion CVSS Base Score 2.0 to 3.x |
| title_full_unstemmed | Support for the Vulnerability Management Process Using Conversion CVSS Base Score 2.0 to 3.x |
| title_short | Support for the Vulnerability Management Process Using Conversion CVSS Base Score 2.0 to 3.x |
| title_sort | support for the vulnerability management process using conversion cvss base score 2.0 to 3.x |
| topic | Article |
| url | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC9960370/ https://www.ncbi.nlm.nih.gov/pubmed/36850400 http://dx.doi.org/10.3390/s23041802 |
| work_keys_str_mv | AT nowakmaciejroman supportforthevulnerabilitymanagementprocessusingconversioncvssbasescore20to3x AT walkowskimichał supportforthevulnerabilitymanagementprocessusingconversioncvssbasescore20to3x AT sujeckisławomir supportforthevulnerabilitymanagementprocessusingconversioncvssbasescore20to3x |