微信服务号

微信订阅号

2025-4-24- 14
Home > Archive>Volume 29, Issue 5, 2018 >1213-1229. DOI:10.13328/j.cnki.jos.005507
PDF HTML XML Export Cite reminder
Vulnerability Life Cycle Oriented Security Risk Metric Method
Author:
Affiliation:

Fund Project:

National Key Research and Development Program of China (2016YFF0204002, 2016YFF0204003); Equipment Pre-Research Foundation During the 13th Five-Year Plan Period (6140002020115); CCF-Venus "Hongyan" Scientific Research Plan Foundation (2017003); Science and Technology Leading Talent Project of Zhengzhou (131PLJRC644); Ant Financial Scientific Research Foundation

  • Article
    • | |
  • Metrics
    • |
  • Reference
    • |
  • Related
    • |
  • Cited by
    • | |
  • Comments
    Abstract:

    In order to reflect the dynamic change of vulnerability security risk over time in an information system,this paper developed a life cycle stochastic model based on the absorbing Markov.The prior historical vulnerability information is used as the input.Then the state transition probability matrix of vulnerability life cycle is constructed.Specifically,the state evolution process is simulated in the dimension of time using matrix deduction.Meanwhile,the common vulnerability scoring system (CVSS) is utilized to measure the threat impact of vulnerabilities in the network system.Furthermore,a quantitative risk method to measure security vulnerability in terms of time dimension is provided to analyze some probability evolution rules with respect to the states of vulnerability life cycle.Finally,the exploits by the ransomware "WannaCry" in a typical APT attack scenario are taken as an example to verify the rationality and validity of the presented model and method.

    Reference
    Related
    Cited by
Get Citation

胡浩,叶润国,张红旗,常德显,刘玉岭,杨英杰.面向漏洞生命周期的安全风险度量方法.软件学报,2018,29(5):1213-1229

Copy
Share
Article Metrics
  • Abstract:
  • PDF:
  • HTML:
  • Cited by:
History
  • Received:July 05,2017
  • Revised:August 29,2017
  • Adopted:November 21,2017
  • Online: January 09,2018
Links:Institute of Software, CASChina Computer FederationCASNSFC
You are the first2038085Visitors
Copyright: Institute of Software, Chinese Academy of Sciences Beijing ICP No. 05046678-4
Address:4# South Fourth Street, Zhong Guan Cun, Beijing 100190,Postal Code:100190
Phone:010-62562563 Fax:010-62562533 Email:jos@iscas.ac.cn
Technical Support:Beijing Qinyun Technology Development Co., Ltd.

Beijing Public Network Security No. 11040202500063