Research On Network Security Association Evaluation And Vulnerability Database Design Based On CVSS

With the wide spread and rapid development of computer networks,when the network technology in the service of people's life,more and more vulnerabilities have surfaced.Once these vulnerabilities are used by illegal users,and then control the target hosts or cause serious damage to the target hosts.The presence of a large number of vulnerabilities and different degrees,making the score becomes more important.If the vulnerability information is effectively collected,the standard score,timely processing,publishing,fixing vulnerabilities,can make the security risks greatly reduced.Therefore,it is very important to design a perfect security vulnerability database for security vulnerability management.This paper mainly contains the following aspects:Firstly,this paper studies the status of vulnerability scoring criteria and security database,and analyzes their respective advantages and disadvantages.Research and analysis the concept,classification and harm of security vulnerabilities,and studies the theoretical knowledge of security vulnerability assessment technology.Secondly,this paper studies the vulnerability assessment method based on CVSS indexes.Through the research on the Common Vulnerability Scoring System,added the time and environment factors,extracted vulnerability exploitability index and vulnerability impact index,established a new vulnerability assesment index system,using principle component analysis method to handle the indexes and obtained the weight percentage of each index,and finally got a single vulnerability assessment results.Thirdly,this paper also studies the network security evaluation assessment based on the attack graph.Analysed the concept and establishment of the attack graph model,put forward an algorithm based on the elevated privileges and combination of breadth forward and backward searching to raise the attack graph;It gives the calculation method of the probability of the vulnerability node in the attack graph,and gives the method of network security evaluation based on the risk assessment model,and graspes the security situation of the network as a whole.Finally,this paper studies the application of network security association evaluation in security vulnerability database.This paper studies the overall design of security vulnerability database,and detailed design and impletment of each four modules:vulnerability information collection module,vulnerability security assessment module,vulnerablity response processing module and vulnerability management module.