摘要
Security measures for a computer network system can be enhanced with better understanding the vulnerabilities and their behavior over the time. It is observed that the effects of vulnerabilities vary with the time over their life cycle. In the present study, we have presented a new methodology to assess the magnitude of the risk of a vulnerability as a “Risk Rank”. To derive this new methodology well known Markovian approach with a transition probability matrix is used including relevant risk factors for discovered and recorded vulnerabilities. However, in addition to observing the risk factor for each vulnerability individually we have introduced the concept of ranking vulnerabilities at a particular time taking a similar approach to Google Page Rank Algorithm. New methodology is exemplified using a simple model of computer network with three recorded vulnerabilities with their CVSS scores.
Security measures for a computer network system can be enhanced with better understanding the vulnerabilities and their behavior over the time. It is observed that the effects of vulnerabilities vary with the time over their life cycle. In the present study, we have presented a new methodology to assess the magnitude of the risk of a vulnerability as a “Risk Rank”. To derive this new methodology well known Markovian approach with a transition probability matrix is used including relevant risk factors for discovered and recorded vulnerabilities. However, in addition to observing the risk factor for each vulnerability individually we have introduced the concept of ranking vulnerabilities at a particular time taking a similar approach to Google Page Rank Algorithm. New methodology is exemplified using a simple model of computer network with three recorded vulnerabilities with their CVSS scores.