IJSTR

International Journal of Scientific & Technology Research

Home Contact Us
ARCHIVES
ISSN 2277-8616











 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

IJSTR >> Volume 8 - Issue 10, October 2019 Edition



International Journal of Scientific & Technology Research  
International Journal of Scientific & Technology Research

Website: http://www.ijstr.org

ISSN 2277-8616



Ivsev: Improved Vulnerability Scoring Mechanism With Environment Representative And Vulnerability Type

[Full Text]

 

AUTHOR(S)

Gagandeep Chawla, Dr. Neeraj Sharma, Dr. Narender Kumar Rawal

 

KEYWORDS

CVSS, IVSE, IVSV, NVD, IVSEV, Base score, Vulnerability.

 

ABSTRACT

A failure to make security a priority while developing software invites intruders to perform malicious activities like money laundering, social engineering attack and loss of other important business information. Computer systems such as Servers, Workstations and even mobiles are vulnerable to attack from many avenues. A single severe vulnerability that allows intruders to get root access to the system is probably more crucial than several low severe vulnerabilities. A successful recognition of vulnerability plays an important role in lowering down the risk of attacks. For years, researchers and other institutions are working for the betterment of vulnerability scoring systems. Numerous security measures and tools are available which makes the software much harder for intruders. Meanwhile security breaches and risk is also rising, which doesn’t stop with the development of security techniques. Once vulnerability is detected, it is important to release a patch at the earliest before it makes any damage. Scoring systems like CVSS is used to produce numerical score of vulnerability reflecting its severity level. On the basis of evaluated score security team could assess the security situation of the system including host and network. CVSS uses three metric groups (Base, Temporal and Environmental) to calculate the severity of vulnerabilities. In this paper, we propose a mechanism IVSEV (Improved Vulnerability scoring system with ‘Environment representative’ and ‘Vulnerability type’) for the better assessment of vulnerabilities. The proposed IVSEV adds two new features ER “Environment Representative” & VT “Vulnerability type” into conventional CVSS-v2 base score equation.

 

REFERENCES

[1] Xinbo Ban, Shigang Liu, “A performance evaluation of deep-learnt features for software vulnerability detection” Wiley November 2018.
[2] Laurent Gallon, Mont de Marsan, “On the impact of environmental metrics on CVSS Scores” IEEE 2010 International Conference on Social computing.
[3] Akansha Rastogi, Kendall E. Nygard “Software Engineering Principles and Security Vulnerabilities” EPiC series in Computing, 2019.
[4] Saniora R. Duclervil, Jing-Chiou Liou “The study of the Effectiveness of the Secure Software Development Life Cycle Models in IT Project Management" Springer Nature Switzerland AG 2019
[5] Ruyi Wang, Ling Gao “An improved CVSS-based vulnerability scoring mechanism” 2011 Third International Conference on Multimedia Information Networking and Security
[6] Ayodele Oluwaseun Ibidapo, Pavol Zavarsky “An Analysis of CVSS v2 Environment Scoring” IEEE 2011 International Conference on Social Computing.
[7] Georgios Spanos, Angeliki Sioziou “WIVSS: A New Methodology for Scoring Information Systems Vulnerabilities” PCI 2013.
[8] Gagandeep Chawla, Neeraj Sharma “IVSE: An Improved CVSS Base score mechanism with Environment representative” JETIR 2018.
[9] Gagandeep Chawla, Neeraj Sharma “IVSV: An Improved CVSS Base score mechanism with Vulnerability type” IJEAT 2019.
[10] Peter Mell, Karen Scarfone, “A Complete Guide to the Common Vulnerability Scoring System Version 2.0” June 2007.