Title | A Conditional Probability Computation Method for Vulnerability Exploitation Based on CVSS |
Publication Type | Conference Paper |
Year of Publication | 2017 |
Authors | Zhang, H., Lou, F., Fu, Y., Tian, Z. |
Conference Name | 2017 IEEE Second International Conference on Data Science in Cyberspace (DSC) |
Keywords | authentication, BAG, Bayes methods, bayesian attack graphs, Complexity theory, Computing Theory, conditional probability, conditional probability computation method, CVSS, CVSS metric version 1.0, CVSS metric version 3.0, CVSS metric version v2.0, Gold, graph theory, Measurement, Metrics, network security assessment, NIST common vulnerability scoring system, NIST CVSS, pubcrawl, security metrics, security of data, vulnerability exploitation |
Abstract | Computing the probability of vulnerability exploitation in Bayesian attack graphs (BAGs) is a key process for network security assessment. The conditional probability of vulnerability exploitation could be obtained from the exploitability of the NIST's Common Vulnerability Scoring System (CVSS). However, the method which N. Poolsappasit et al. proposed for computing conditional probability could be used only in the CVSS metric version v2.0, and can't be used in the other two versions. In this paper, we present two methods for computing the conditional probability based on CVSS's other two metric versions, version 1.0 and version 3.0, respectively. Based on the CVSS, the conditional probability computation of vulnerability exploitation is complete by combining the method of N. Poolsappasit et al. |
DOI | 10.1109/DSC.2017.33 |
Citation Key | zhang_conditional_2017 |