Vulnerability Assessment Combining CVSS Temporal Metrics and Bayesian Networks
Stefano Perone, Simone Guarino, Luca Faramondi, Roberto Setola

TL;DR
This paper introduces a novel vulnerability assessment method that combines CVSS temporal metrics with Bayesian networks to improve accuracy and adaptability in prioritizing cybersecurity risks.
Contribution
It integrates temporal vulnerability data with probabilistic Bayesian models, enhancing existing assessment techniques with dynamic, data-driven evaluation capabilities.
Findings
Improved vulnerability prioritization accuracy
Dynamic updating of vulnerability scores
Enhanced decision-making in cybersecurity risk management
Abstract
Vulnerability assessment is a critical challenge in cybersecurity, particularly in industrial environments. This work presents an innovative approach by incorporating the temporal dimension into vulnerability assessment, an aspect neglected in existing literature. Specifically, this paper focuses on refining vulnerability assessment and prioritization by integrating Common Vulnerability Scoring System (CVSS) Temporal Metrics with Bayesian Networks to account for exploit availability, remediation efforts, and confidence in reported vulnerabilities. Through probabilistic modeling, Bayesian networks enable a structured and adaptive evaluation of vulnerabilities, allowing for more accurate prioritization and decision-making. The proposed approach dynamically computes the Temporal Score and updates the CVSS Base Score by processing data on exploits and fixes from vulnerability databases.
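The temporal scoring step mentioned in the abstract, as an added example that is not code from the paper. It assumes the CVSS v3.1 temporal formula and weights, and it stands in for the paper's network (whose structure is not given on this page) with a single-node Bayes update and independent metrics; the prior and likelihood values are constructed.

```python
import math

# CVSS v3.1 temporal weights from the FIRST specification ("Not Defined" = 1.0 omitted).
E_W = {"H": 1.00, "F": 0.97, "P": 0.94, "U": 0.91}   # Exploit Code Maturity
RL_W = {"U": 1.00, "W": 0.97, "T": 0.96, "O": 0.95}  # Remediation Level
RC_W = {"C": 1.00, "R": 0.96, "U": 0.92}             # Report Confidence


def roundup(x):
    """CVSS v3.1 Roundup: round up to one decimal, tolerant of float error."""
    i = round(x * 100000)
    if i % 10000 == 0:
        return i / 100000.0
    return (math.floor(i / 10000) + 1) / 10.0


def temporal_score(base, e, rl, rc):
    """Temporal Score = Roundup(Base * E * RL * RC)."""
    return roundup(base * E_W[e] * RL_W[rl] * RC_W[rc])


def posterior(prior, likelihood):
    """Bayes' rule for one discrete node: P(state | evidence)."""
    joint = {s: prior[s] * likelihood[s] for s in prior}
    z = sum(joint.values())
    if z == 0:
        raise ValueError("evidence has zero probability under the prior")
    return {s: v / z for s, v in joint.items()}


def expected_temporal(base, p_e, p_rl, p_rc):
    """Expected temporal score; the three metrics are assumed independent."""
    return sum(pe * prl * prc * temporal_score(base, e, rl, rc)
               for e, pe in p_e.items()
               for rl, prl in p_rl.items()
               for rc, prc in p_rc.items())


# Constructed inputs (assumptions, not values from the paper).
PRIOR_E = {"H": 0.1, "F": 0.2, "P": 0.3, "U": 0.4}
# P(an exploit entry is found in a vulnerability database | maturity state)
LIK_EXPLOIT_FOUND = {"H": 0.9, "F": 0.8, "P": 0.5, "U": 0.05}

if __name__ == "__main__":
    post_e = posterior(PRIOR_E, LIK_EXPLOIT_FOUND)
    fix, conf = {"O": 1.0}, {"C": 1.0}  # official fix, confirmed report
    print("before evidence:", round(expected_temporal(9.8, PRIOR_E, fix, conf), 2))
    print("after evidence: ", round(expected_temporal(9.8, post_e, fix, conf), 2))
```
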
