Research On Vulnerability Risk Assessment Method Based On CVSS

Security vulnerability severity threat assessment is an important part in the field of information security,it is based on the related attributes of the vulnerability itself.Through measuring vulnerability threat assessment indicators comprehensively,the security vulnerability severity threat can be got.According to this,the repair resources could be allocated rationally.Priority should be given to high levels of threat severity.The Common Vulnerability Scoring System(CVSS)is an open and free risk assessment system for security companies to assess the threat level of the security vulnerability.However,CVSS is very subjective in the selection of evaluation criteria and the weight allocation of evaluation indexes,and the evaluation process is poor repeatability.This paper put forward and designed a kind of vulnerability scoring index weight allocation method based on the CVSS and combined with grey correlation analysis.In the end,the feasibility and effectiveness of the method was verified by the related experiment.Firstly,the basic concept and theory of security vulnerabilities was discussed in this paper.This paper gives summaries of threat level assessment standards and evaluation methods currently,the CVSS risk assessment system was mainly analyzed,its advantages and disadvantages was summarized,a theoretical basis was provided for the subsequent research of the vulnerability risk assessment method.Secondly,this paper put forward and designed an optimal search method of the vulnerability base score index weight distribution.The weight search method cut through the risk of economic loss and threat of damage from a vulnerability threat and the reversibility of the damage consequences.In accordance with this,the confidentiality,integrity and availability were sorted according to their relative importance.Combining with the CVSS,an index weight distribution model of optimal search method was put forward.The results of the weight distribution of the model were presented in this paper,which provided the input value of the calculation model based on the grey correlation degree.Then,an index weight method based on grey correlation degree was put forward in this paper.This method integrated the grey correlation degree analysis into the evaluation of theweight distribution of the vulnerability base scoring index,which maked the distribution of the weights more objective.By using grey correlation method and related mathematical model,the index weight distribution was performed.The weight allocation results of the performance of the optimal search method was made as the input value to its calculated model.Ultimately,the operation result was normalized.Finally,the effectiveness of the proposed index weight allocation method was verified.By using the National Vulnerability Database(NVD)as the experimental sample data source,the feasibility and the effectiveness of the proposed weight allocation method had been proved.