Authors: 郑敬华, 开少锋, 施凡 (ZHENG Jinghua; KAI Shaofeng; SHI Fan), College of Electronic Engineering, National University of Defense Technology, Hefei 230037, China
Source: Journal of University of Chinese Academy of Sciences (《中国科学院大学学报(中英文)》), 2024, Issue 6, pp. 842-852 (11 pages)
Funding: Supported by the National Key Research and Development Project (2021YFB3100500).
Abstract: The common vulnerability scoring system is the most widely used vulnerability evaluation method, but its evaluation results tend to be the harmfulness of the vulnerability itself, ignoring the network environment factors. In view of the above problems, we propose a network environment-oriented vulnerability exploitability assessment method. Based on the experience of group experts, using statistical methods to select vulnerability attributes, the vulnerability exploitability assessment metric system is constructed. And combined with the target environment attributes, this method can evaluate the vulnerability exploitability based on the K-nearest neighbor (KNN) algorithm. This method performs accurate and intelligent assessment of known and unknown vulnerabilities, integrating the impact of the target environment and reducing the reliance on expert experience. At last, we validate the method through experiments. Our method provides a scientific decision-making basis for network security protection measures.
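Keywords: network security; vulnerability assessment; exploitability; metric reduction; machine learning
Classification number: TP393 [Automation and Computer Technology: Computer Application Technology]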