| HAL-Inria | Publications, software ... of Inria's scientists |
Conference papers
Fighting N-Day Vulnerabilities with Automated CVSS Vector Prediction at Disclosure
Abstract : The Common Vulnerability Scoring System (CVSS) is the industry standard for describing the characteristics of a software vulnerability and measuring its severity. However, during the first days after a vulnerability disclosure, the initial human readable description of the vulnerability is not available as a machine readable CVSS vector yet. This situation creates a period of time when only expensive manual analysis can be used to react to new vulnerabilities because no data is available for cheaper automated analysis yet. We present a new technique based on linear regression to automatically predict the CVSS vector of newly disclosed vulnerabilities using only their human readable descriptions, with a strong emphasis on decision explicability. Our experimental results suggest real world applicability.
Cited literature [23 references]
https://hal.inria.fr/hal-02895913
Contributor : Clément Elbaz <>
Submitted on : Friday, July 10, 2020 - 11:14:46 AM
Last modification on : Wednesday, December 2, 2020 - 5:38:42 PM
Long-term archiving on: : Monday, November 30, 2020 - 7:34:17 PM
Contributor : Clément Elbaz <>
Submitted on : Friday, July 10, 2020 - 11:14:46 AM
Last modification on : Wednesday, December 2, 2020 - 5:38:42 PM
Long-term archiving on: : Monday, November 30, 2020 - 7:34:17 PM
File
HAL_fighting_ndays_vulnerabili...
Files produced by the author(s)