Conference papers

Fighting N-Day Vulnerabilities with Automated CVSS Vector Prediction at Disclosure

Abstract: The Common Vulnerability Scoring System (CVSS) is the industry standard for describing the characteristics of a software vulnerability and measuring its severity. However, during the first days after a vulnerability disclosure, the initial human-readable description of the vulnerability is not yet available as a machine-readable CVSS vector. This creates a period during which only expensive manual analysis can be used to react to new vulnerabilities, because no data is yet available for cheaper automated analysis. We present a new technique based on linear regression to automatically predict the CVSS vector of newly disclosed vulnerabilities using only their human-readable descriptions, with a strong emphasis on decision explicability. Our experimental results suggest real-world applicability.
Document type: Conference papers

Cited literature [23 references]

https://hal.inria.fr/hal-02895913
Contributor: Clément Elbaz
Submitted on: Friday, July 10, 2020 - 11:14:46 AM
Last modification on: Wednesday, December 2, 2020 - 5:38:42 PM
Long-term archiving on: Monday, November 30, 2020 - 7:34:17 PM

File

HAL_fighting_ndays_vulnerabili...
Files produced by the author(s)

Identifiers

  • HAL Id : hal-02895913, version 1

Citation

Clément Elbaz, Louis Rilling, Christine Morin. Fighting N-Day Vulnerabilities with Automated CVSS Vector Prediction at Disclosure. ARES 2020 - International Conference on Availability, Reliability and Security, Aug 2020, Virtual Event, Ireland. pp.1-10. ⟨hal-02895913⟩
