A Vulnerability Priority Evaluation Model Algorithm
Abstract: To effectively determine the disposal priority of vulnerabilities when handling a large number of them, and to help organizations focus on the important ones, this paper designs a vulnerability priority evaluation model that builds on CVSS and starts from the actual risk that vulnerabilities pose to the organization. The evaluation model includes static indicators such as the CVSS score, the user's actual environment factor, and asset importance, as well as dynamic indicators such as a time factor. All of these indicators have a great impact on the actual risk of a vulnerability, yet these dimensions are difficult to quantify accurately within the CVSS scoring system.
Authors: CAO Xubo; ZHONG Fu (CETC Cyberspace Security Technology Co., Ltd., Chengdu, Sichuan 610095, China)
Source: Communications Technology (《通信技术》), 2023, No. 12, pp. 1411-1417 (7 pages)
Keywords: CVSS; vulnerability priority; risk; evaluation model