Sökning: onr:"swepub:oai:DiVA.org:his-19500" >
An Approach to Disc...
An Approach to Discover and Assess Vulnerability Severity Automatically in Cyber-Physical Systems
-
- Jiang, Yuning, 1993- (författare)
- Högskolan i Skövde,Institutionen för informationsteknologi,Forskningsmiljön Informationsteknologi,Distribuerade realtidssystem (DRTS), Distributed Real-Time Systems
-
- Atif, Yacine, 1967- (författare)
- Högskolan i Skövde,Institutionen för informationsteknologi,Forskningsmiljön Informationsteknologi,Distribuerade realtidssystem (DRTS), Distributed Real-Time Systems
-
(creator_code:org_t)
- 2021-02
- 2020
- Engelska.
-
Ingår i: Proceedings of the 13th International Conference on Security of Information and Networks. - New York, NY, USA : Association for Computing Machinery (ACM). - 9781450387514
- Relaterad länk:
-
https://his.diva-por... (primary) (Raw object)
-
visa fler...
-
http://his.diva-port...
-
https://urn.kb.se/re...
-
https://doi.org/10.1...
-
visa färre...
Abstract
Ämnesord
Stäng
- Current vulnerability scoring mechanisms in complex cyber-physical systems (CPSs) face challenges induced by the proliferation of both component versions and recurring scoring-mechanism versions. Different data-repository sources like National Vulnerability Database (NVD), vendor websites as well as third party security tool analysers (e.g. ICS CERT and VulDB) may provide conflicting severity scores. We propose a machine-learning pipeline mechanism to compute vulnerability severity scores automatically. This method also discovers score correlations from established sources to infer and enhance the severity consistency of reported vulnerabilities. To evaluate our approach, we show through a CPS-based case study how our proposed scoring system automatically synthesises accurate scores for some vulnerability instances, to support remediation decision-making processes. In this case study, we also analyse the characteristics of CPS vulnerability instances.
Ämnesord
- TEKNIK OCH TEKNOLOGIER -- Elektroteknik och elektronik -- Inbäddad systemteknik (hsv//swe)
- ENGINEERING AND TECHNOLOGY -- Electrical Engineering, Electronic Engineering, Information Engineering -- Embedded Systems (hsv//eng)
- TEKNIK OCH TEKNOLOGIER -- Elektroteknik och elektronik -- Datorsystem (hsv//swe)
- ENGINEERING AND TECHNOLOGY -- Electrical Engineering, Electronic Engineering, Information Engineering -- Computer Systems (hsv//eng)
Nyckelord
- Cybersecurity
- Text-Mining
- Cyber-Physical System
- Vulnerability Analysis
- CVSS
- Decision making
- Embedded systems
- Turing machines
- Current vulnerabilities
- Cyber physical systems (CPSs)
- Data repositories
- National vulnerability database
- Remediation decision
- Scoring systems
- Security tools
- Third parties
- Network security
- Distribuerade realtidssystem (DRTS)
- Distributed Real-Time Systems
Publikations- och innehållstyp
- ref (ämneskategori)
- kon (ämneskategori)
Hitta via bibliotek
Till lärosätets databas