Abstract
CVSS is one of the most representative quantitative assessment algorithms for security vulnerabilities. The calculated values of vulnerability harm according to the given index and formula. However, there is still insufficient objectivity of CVSS. Expert System is a kind of expert system for vulnerabilities; the severity of vulnerability can be assessed by experts based on the Expert System. The objectivity of Expert System and CVSS is analyzed, and CVSS is revised based on Expert System. The relationship between the above systems and the CWE, and between above systems and Product is analyzed, respectively, in the process. A new way of using Expert System is put forward based on CWE, namely, CWE Cycle Sorting Algorithm, in order to sort the average of vulnerability severity. Meanwhile, CWE Sort Factor is put forward based on CWE Cycle Sorting Algorithm to modify CVSS. The result is closer to the Expert System in terms of objectivity.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
CVSS, Common Vulnerability Scoring System. http://nvd.nist.gov/cvss.cfm[EB/OL]. (2014-08-01) [2015-08-01]
NVD, National Vulnerability Database. http://nvd.nist.gov[EB/OL]. (2014-08-01) [2015-08-01]
Wang, L.Y., Jajodia, S., Singhal, A., et al.: K-zero day safety a network security metric for measuring the risk of unknown vulnerabilities. IEEE Trans. Dependable Secure Comput. 11(1), 30–44 (2013)
Holm, H., Ekstedt, M., Andersson, D.: Empirical analysis of system-level vulnerability metrics through actual attacks. IEEE Trans. Dependable Secure Comput. 9(6), 825–837 (2012)
CWE, Common Weakness Enumeration. http://cwe.mitre.org/[EB/OL]. 2015-08-01
Acknowledgements
This paper is supported by Beijing NOVA Program (Z181100006218041); the National Key R&D Program of China (2016YFB0800700), the National Natural Science Foundation of China (61572460, 61272481), the Open Project Program of the State Key Laboratory of Information Security (2017-ZD-01), the National Information Security Special Projects of National Development and Reform Commission of China [(2012)1424], and China 111 Project (B16037).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Tao, W., Yuqing, Z., Bo, Z., Jing, L., Yunxiang, Y., Jing, G. (2020). A Novel Improved System Based on CVSS. In: Liang, Q., Liu, X., Na, Z., Wang, W., Mu, J., Zhang, B. (eds) Communications, Signal Processing, and Systems. CSPS 2018. Lecture Notes in Electrical Engineering, vol 517. Springer, Singapore. https://doi.org/10.1007/978-981-13-6508-9_123
Download citation
DOI: https://doi.org/10.1007/978-981-13-6508-9_123
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-13-6507-2
Online ISBN: 978-981-13-6508-9
eBook Packages: EngineeringEngineering (R0)