NationalTwo: A Fuzzy Risk Calculations Approach for a Network Vulnerability Ranking System
Title:
A Fuzzy Risk Calculations Approach for a Network Vulnerability Ranking System
Identifier:
DRDC-OTTAWA-TM-2007-090
STOAbstractExternal:
In this work, we present a fuzzy systems approach for assessing the relative risk associated with computer network assets. We use this approach to rank vulnerabilities so that analysts can prioritise their work based on the potential risk exposures of assets and networks. We associate vulnerabilities to individual assets, and therefore networks, and develop fuzzy models of the vulnerability attributes. We use fuzzy rules to make an inference on the risk exposure and the likelihood of attack, which allows us to rank the vulnerabilities and show which ones need more immediate attention. We argue that our approach has more meaningful vulnerability prioritisation values than the severity level calculated by the popularly used Common Vulnerability Scoring System (CVSS) approach.
STOAuthorExternal:
Dondo, M.
STOClassificationExternal:
UNCLASSIFIED
STOKeywordsExternal:
STOPublisher:
CAN
Language:
English
STOReportSource:
http://pubs.drdc.gc.ca/BASIS/pcandid/www/engpub/DDW?W%3DSYSNUM=527632 ; http://cradpdf.drdc.gc.ca/PDFS/unc65/p527632.pdf
Published:
01/05/2007
Created at 09/11/2016 13:11 by System Account
Last modified at 09/11/2016 15:16 by System Account
Go back to list
Home(NATO STO)