Normalization of Severity Rating for Automated Context-aware Vulnerability Risk Management

机译：自动化的上下文感知漏洞风险管理的严重性等级标准化

获取原文

页面导航

摘要
著录项
相似文献
相关主题

摘要

In the last three years, the unprecedented increase in discovered vulnerabilities ranked with critical and high severity raise new challenges in Vulnerability Risk Management (VRM). Indeed, identifying, analyzing and remediating this high rate of vulnerabilities is labour intensive, especially for enterprises dealing with complex computing infrastructures such as Infrastructure-as-a-Service providers. Hence there is a demand for new criteria to prioritize vulnerabilities remediation and new automated/autonomic approaches to VRM.In this paper, we address the above challenge proposing an Automated Context-aware Vulnerability Risk Management (ACVRM) methodology that aims: to reduce the labour intensive tasks of security experts; to prioritize vulnerability remediation on the basis of the organization context rather than risk severity only. The proposed solution considers multiple vulnerabilities databases to have a great coverage on known vulnerabilities and to determine the vulnerability rank. After the description of the new VRM methodology, we focus on the problem of obtaining a single vulnerability score by normalization and fusion of ranks obtained from multiple vulnerabilities databases. Our solution is a parametric normalization that accounts for organization needs/specifications.

机译：在过去的三年中，发现的漏洞数量前所未有地增加，其严重程度和严重程度排名很高，这给漏洞风险管理（VRM）带来了新的挑战。确实，识别，分析和补救这种高漏洞率是非常费力的，特别是对于处理诸如基础架构即服务提供商之类的复杂计算基础架构的企业而言。因此，需要新的标准来优先考虑漏洞修复的优先级以及采用新的VRM自动化/自动方法。在本文中，我们解决了上述挑战，提出了一种自动化的上下文感知漏洞风险管理（ACVRM）方法，其目的是：减少工作量安全专家的繁重任务;根据组织环境而不是仅根据风险严重性来确定漏洞修复的优先级。提出的解决方案考虑了多个漏洞数据库，可以很好地覆盖已知漏洞并确定漏洞等级。在对新的VRM方法进行描述之后，我们将重点讨论通过规范化和融合从多个漏洞数据库获得的等级来获得单个漏洞评分的问题。我们的解决方案是一种参数归一化，可以解决组织的需求/规范。

著录项

来源
《IEEE International Conference on Autonomic Computing and Self-Organizing Systems Companion》|2020年|200-205|共6页
会议地点
作者
Vida Ahmadi; Patrik Arlos; Emiliano Casalicchio;
展开▼
作者单位

展开▼
会议组织
原文格式 PDF
正文语种
中图分类
关键词
Organizations; Databases; Security; Tools; Risk management; Software; Computer science;

机译：组织;数据库;安全性;工具;风险管理;软件;计算机科学;

相似文献

外文文献
中文文献
专利

1. Vulnerabilities and Countermeasures in Context-Aware Social Rating Services [J] . QINYUAN FENG, LING LIU, YAFEI DAI ACM Transactions on Internet Technology . 2011,第3期

机译：上下文感知的社会评级服务中的漏洞和对策
2. Risk Rating Method Based on the Severity Probability Risk Value and Reserved Risk Maintenance Resource Cost of the Node Disconnection of the Power System [J] . Qingwu Gong, Si Tan Processes . 2019,第5期

机译：电力系统节点断开的严重性概率风险值和预留风险维护资源成本的风险评估方法
3. Feasibility and validation of a computer-automated Columbia-Suicide Severity Rating Scale using interactive voice response technology. [J] . Mundt JC, Greist JH, Gelenberg AJ, Journal of psychiatric research . 2010,第16期

机译：使用交互式语音响应技术的计算机自动哥伦比亚自杀严重性等级量表的可行性和验证。
4. Vulnerability to flood risks in Japanese urban areas: crisis management and emergency response for efficient evacuation management [C] . M. Thomas, T. Tsujimoto Flood recovery, innovation and response IV . 2014

机译：日本城市地区易受洪水风险的影响：危机管理和应急响应，以实现有效的疏散管理
5. Transforming Vulnerabilities into Context-Aware, Visible Risks [D] . ?Jung, Bill 2020

机译：将漏洞转化为上下文知识，可见风险
6. Quantitative assessment of disease severity and rating of barley cultivars based on hyperspectral imaging in a non-invasive automated phenotyping platform [O] . Stefan Thomas, Jan Behmann, Angelina Steier, 2018

机译：基于高光谱成像技术在无创自动表型平台上对大麦品种的疾病严重程度和等级进行定量评估
7. Does the timing of suicide risk assessments influence ratings of risk severity? [O] . Carol Chu, Kimberly A. Van Orden, Jessica D. Ribeiro, 2017

机译：自杀风险评估的时间是否会影响风险严重程度的评级？

Normalization of Severity Rating for Automated Context-aware Vulnerability Risk Management

摘要

著录项

相似文献

相关主题

期刊订阅