To address the problem that the weight assignment of the base-score metrics in the Common Vulnerability Scoring System (CVSS) relies too heavily on expert experience and therefore lacks objectivity, a weight assignment method for vulnerability threat base-scoring metrics is proposed. First, the scoring elements are ranked by relative importance. Second, an optimal-search method for metric weight combinations is used to search for candidate weight combination schemes. Finally, grey relational analysis takes multiple weight assignment schemes derived from expert judgement as input and yields the final weight combination scheme. Experimental results show that, compared with CVSS, in quantitative terms the proposed method produces a smoother and more continuous distribution of scores, effectively avoiding an excess of extreme values, and the dispersion of the score distribution distinguishes the severity of different vulnerability threats more objectively and effectively. In qualitative terms, whereas CVSS assigns the vast majority of vulnerabilities (92.9%) to the medium or high severity levels, the proposed method achieves a more balanced distribution of vulnerability severity grades.
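The grey relational step described above, as an added illustration that is not the paper's own code: candidate weight vectors for the seven CVSS base metrics are enumerated on a grid under an assumed importance ordering, and each is scored by Deng's grey relational grade against several constructed expert schemes. The importance ordering, the expert weight values and the choice of the candidate as the reference sequence are all assumptions; the paper's actual search procedure is not given in the abstract.

```python
"""Added example (not from the paper): rank candidate CVSS base-metric weight
vectors against several expert-proposed schemes with grey relational analysis."""

# CVSS v3 base metrics; the order below is an ASSUMED importance ranking
# (most important first) standing in for the paper's first step.
METRICS = ("AV", "AC", "PR", "UI", "C", "I", "A")

# Constructed expert weight schemes (each sums to 1); illustrative values only.
EXPERT_SCHEMES = [
    (0.25, 0.20, 0.15, 0.10, 0.10, 0.10, 0.10),
    (0.30, 0.15, 0.15, 0.10, 0.12, 0.10, 0.08),
    (0.22, 0.20, 0.18, 0.12, 0.10, 0.10, 0.08),
]


def candidate_weights(n, steps=20):
    """Enumerate weight vectors on a 1/steps grid that sum to 1 and are
    non-increasing, so every candidate respects the importance ordering."""
    def rec(prefix, remaining, cap):
        k = n - len(prefix)
        if k == 0:
            if remaining == 0:
                yield tuple(p / steps for p in prefix)
            return
        for part in range(min(remaining, cap), -1, -1):
            if part * k < remaining:  # later parts may not exceed this one
                break
            yield from rec(prefix + [part], remaining - part, part)
    yield from rec([], steps, steps)


def rank_candidates(candidates, schemes, rho=0.5):
    """Deng's grey relational grade of each candidate (reference sequence)
    against every expert scheme, averaged over schemes and metrics.
    delta_min/delta_max are global over all candidates; rho is the
    distinguishing coefficient. Returns (grade, candidate) pairs, best first."""
    deltas = {c: [abs(ci - si) for s in schemes for ci, si in zip(c, s)]
              for c in candidates}
    flat = [d for ds in deltas.values() for d in ds]
    d_min, d_max = min(flat), max(flat) or 1e-12
    def grade(c):
        coeffs = [(d_min + rho * d_max) / (d + rho * d_max) for d in deltas[c]]
        return sum(coeffs) / len(coeffs)
    return sorted(((grade(c), c) for c in candidates), reverse=True)


def best_weights(schemes=EXPERT_SCHEMES):
    """Weight assignment with the highest grey relational grade, keyed by metric."""
    grade, weights = rank_candidates(list(candidate_weights(len(METRICS))), schemes)[0]
    return dict(zip(METRICS, weights)), grade


if __name__ == "__main__":
    weights, grade = best_weights()
    print(f"grade={grade:.3f}", weights)
```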