A Vulnerability Risk Assessment Method Based on Heterogeneous Information Network

Wang, Wenrui; Shi, Fan; Zhang, Min; Xu, Chengxi; Zheng, Jinghua

doi:10.1109/access.2020.3015551

Cited by 12 publications

(4 citation statements)

References 29 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A software vulnerability rating method, SVRA, was proposed, which uses a vulnerability database to analyze the frequency of CVSS metrics at diferent times, and then gives equations for exploitability and impact scores based on these frequencies. Wang et al [33] considered that CVSS metrics ignore the impact of vulnerabilities on specifc networks, i.e., the same vulnerabilities that exist in diferent network environments are assigned duplicate values, and the attack graph still sufers from scalability and readability issues. To address the above issues, the authors innovatively propose a vulnerability risk assessment method based on heterogeneous information networks.…”

Section: Related Workmentioning

confidence: 99%

VulDistilBERT: A CPS Vulnerability Severity Prediction Method Based on Distillation Model

Kai

Shi

Zheng

2023

Security and Communication Networks

Self Cite

View full text Add to dashboard Cite

With the vigorous development of the Internet, the ecosystem of cyber-physical systems is also developing at a high speed, but cyber-physical systems may be accompanied by unknown vulnerabilities in the process of concrete implementation. Thus, the number of vulnerabilities in cyber-physical systems has been increasing year by year. The vulnerability evaluation speed cannot keep up with the vulnerability exposure speed. The traditional manual evaluation method can no longer effectively deal with such large-scale vulnerabilities, resulting in a backlog of vulnerabilities. Therefore, the vulnerability evaluation results have a certain lag. To address this problem, the paper proposes a vulnerability severity assessment method based on the distillation model. The method first uses data augmentation and integration of optimal subsets to improve the amount of information in the vulnerability description text, then uses the DistilBERT model to characterize the text of the vulnerability description text, and then the characterized feature vectors are classified based on the linear layer to achieve the purpose of assessing vulnerability severity. Compared with the current method of manual assessment based on the CVSS metric system, this method can automate the assessment of vulnerabilities based on vulnerability description text, which improves the speed of vulnerability assessment, and the assessment accuracy and other metrics achieved by this method are improved compared with similar studies. This approach provides an automated solution for cyber-physical systems vulnerability assessment and can better address the current situation where cyber-physical systems vulnerabilities are being exposed at an accelerated rate.

show abstract

Section: Related Workmentioning

confidence: 99%

VulDistilBERT: A CPS Vulnerability Severity Prediction Method Based on Distillation Model

Kai

Shi

Zheng

2023

Security and Communication Networks

Self Cite

View full text Add to dashboard Cite

show abstract

“…Wang., et al, [4] proposed a ranking method based on the heterogeneous information network to assess the vulnerability risk in a specific network. It considers the exploitability of a vulnerability, the impact of a vulnerability on the network components, and the importance of the vulnerable components and the authors compare the proposed method with CVSS and attack graph-based methods.…”

Section: Related Workmentioning

confidence: 99%

“…To enhance the model for detecting and preventing the various attacks in the heterogeneous web application since the tools used earlier will not ensure prevention mechanisms to mitigate detected vulnerabilities and attacks. The objective is also to incorporate suitable machine learning techniques into the model for accurate and effective prediction and forecasting of attacks with their root causes, to analyze the impact of attack penetration level from web application to web services and to mitigate the percentage of vulnerabilities and attacks by recommending preventive measures and best practices [4]. Due to the diversity in the detection techniques, there is a need for a standard model for detecting all possible vulnerabilities.…”

Section: Introductionmentioning

confidence: 99%

Vulnerability Assessment in Heterogeneous Web Environment Using Probabilistic Arithmetic Automata

et al. 2021

View full text Add to dashboard Cite

In the current scenario most of the business enterprises are running through web applications. But the major drawback is that they fail to provide a secure environment. To overcome this security issue in web applications, there are many vulnerability detection tools are available at present. But these tools are not proactive and consistent as it does not adapt to all kinds of recent updates and is unable to track new emerging vulnerabilities. For the longterm functioning of a business enterprise, statistical data with efficient analytics on vulnerabilities is required to enhance its security impacts. Predictive Analytics is a powerful solution to effectively arm the recent incident response to modern-day threats. Predictive Analytics provides a proactive and decision-making approach and insights into how well security programs are working. It can also help to identify problem areas and can warn about imminent or active attacks in heterogeneous web applications to enhance the former features and analyze the origin and pattern of the attack in a more effective manner. The pattern analyzed through research is given as an input to the Machine Learning techniques such as Deterministic Arithmetic Automata (DAA), Probabilistic Arithmetic Automata (PAA) to predict the probabilistic value as an output. From the obtained probabilistic values, we can detect the cause of an attack, prevent the heterogeneous web application of business enterprises from further impacts and find the penetration level of an attack from web application to web service.INDEX TERMS Security Analytics, Deterministic Arithmetic Automata (DAA), Probabilistic Arithmetic Automata (PAA), heterogeneous web application.

show abstract

“…In this paper, Jasna Markovic-Petrovic, Mirjana Stojanovic and Slavica Bostjancic Rakas proposed a new method for security risk assessment in supervisory control and data acquisition (SCADA) networks using fuzzy logic [5]. Wenrui Wang, Fan Shi, Min Zhang, Chengxi Xu and Jinghua Zheng proposed a heterogeneous information network based ranking method for vulnerability risk assessment in a particular network [6]. Jiali Wang, Martin Neil and Norman Fenton obtained a combined Extended Factor Analysis of Information Risk-Bayesian Networks (EFBN) approach using Monte Carlo simulation and showed that it can provide an integrated solution for cybersecurity risk assessment and decision making [7].…”

Section: Introductionmentioning

confidence: 99%

Fuzzy Expert System of Information Security Risk Assessment on the Example of Analysis Learning Management Systems

et al. 2021

View full text Add to dashboard Cite

A Vulnerability Risk Assessment Method Based on Heterogeneous Information Network

Cited by 12 publications

References 29 publications

VulDistilBERT: A CPS Vulnerability Severity Prediction Method Based on Distillation Model

VulDistilBERT: A CPS Vulnerability Severity Prediction Method Based on Distillation Model

Vulnerability Assessment in Heterogeneous Web Environment Using Probabilistic Arithmetic Automata

Fuzzy Expert System of Information Security Risk Assessment on the Example of Analysis Learning Management Systems

Contact Info

Product

Resources

About