این سایت در حال حاضر پشتیبانی نمی شود و امکان دارد داده های نشریات بروز نباشند
International Journal of Information and Communication Technology Research (IJICT، جلد ۹، شماره ۴، صفحات ۵۷-۶۸
عنوان فارسی
چکیده فارسی مقاله
کلیدواژه‌های فارسی مقاله
عنوان انگلیسی Dynamic Risk Assessment System for the Vulnerability Scoring
چکیده انگلیسی مقاله One of the key factors that endangers network security is software vulnerabilities. So, increasing growth of vulnerability emergence is a critical challenge in security management. Also, organizations constantly encounter the limited budget problem. Therefore, to do network hardening in a cost-benefit manner, quantitative vulnerability assessment for finding the most critical vulnerabilities is a vital issue. The most prominent vulnerability scoring systems is CVSS (Common Vulnerability Scoring System) that ranks vulnerabilities based on their intrinsic characteristics. But in CVSS, Temporal features or the effect of existing patches and exploit tools in risk estimation of vulnerabilities are ignored. So, CVSS scores are not accurate. Another deficiency with CVSS that limits its application in real networks is that, in CVSS, only a small set of scores is used for discriminating between numerous numbers of vulnerabilities.  To improve the difficulties with existing scoring systems, here some security metrics are defined that rank vulnerabilities by considering their temporal features beside their intrinsic ones. Also, by the aim of improving scores diversity in CVSS, a new method is proposed for Impact estimation of vulnerability exploitation on security parameters of the network. Performing risk assessment by considering the type of the attacker which endangers the network security most is another novelty of this paper.
کلیدواژه‌های انگلیسی مقاله
نویسندگان مقاله | Marjan Keramati


نشانی اینترنتی http://ijict.itrc.ac.ir/browse.php?a_code=A-10-27-7&slc_lang=en&sid=1
فایل مقاله اشکال در دسترسی به فایل - ./files/site1/rds_journals/417/article-417-1212310.pdf
کد مقاله (doi)
زبان مقاله منتشر شده en
موضوعات مقاله منتشر شده فناوری اطلاعات
نوع مقاله منتشر شده پژوهشی
برگشت به: صفحه اول پایگاه   |   نسخه مرتبط   |   نشریه مرتبط   |   فهرست نشریات