A Vulnerability Prioritization System Using A Fuzzy Risk Analysis Approach

نویسنده

  • Maxwell G. Dondo
چکیده

In this work, we present a fuzzy systems approach for assessing the relative potential risk associated with computer network assets exposed to attack by vulnerabilities. We use this approach to rank vulnerabilities so that analysts can prioritize their work based on the potential risk exposure of assets and networks. We associate vulnerabilities with individual assets, and therefore networks, and develop fuzzy models of the vulnerability attributes. Fuzzy rules are then used to make an inference on the risk exposure and the likelihood of attack, which allows us to rank the vulnerabilities and show which ones need more immediate attention. We argue that our approach has more meaningful vulnerability prioritization values than the severity level calculated by the popular Common Vulnerability Scoring System (CVSS) approach.

برای دانلود رایگان متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

A Prioritization Model for HSE Risk Assessment Using Combined Failure Mode, Effect Analysis, and Fuzzy Inference System: A Case Study in Iranian Construction Industry

The unavailability of sufficient data and uncertainty in modeling, some techniques, and decision-making processes play a significant role in many engineering and management problems.  Attain to sure solutions for a problem under accurate consideration is essential.  In this paper, an application of fuzzy inference system for modeling the indeterminacy involved in the problem of HSE risk assessm...

متن کامل

Seismic Risk Assessment of Reinforced Concrete Buildings Using Fuzzy Rule Based Modeling

Seismic resiliency of new buildings has improved over the years due to improved seismic codes and design practices. However, vulnerability of seismically deficient older buildings, designed and built on the basis of older codes of practice, poses a significant threat to life safety and survivability of buildings. It is economically not feasible to retrofit the entire seismically deficient infra...

متن کامل

Risk Analysis of Operating Room Using the Fuzzy Bayesian Network Model

To enhance Patient’s safety, we need effective methods for risk management. This work aims to propose an integrated approach to risk management for a hospital system. To improve patient’s safety, we should develop flexible methods where different aspects of risk and type of information are taken into consideration. This paper proposes a fuzzy Bayesian network to model and analyze risk in the op...

متن کامل

Risk Analysis in E-commerce via Fuzzy Logic

This paper describes the development of a fuzzy decision support system (FDSS) for the assessment of risk in E-commerce (EC) development. A Web-based prototype FDSS is suggested to assist EC project managers in identifying potential EC risk factors and the corresponding project risks. A risk analysis model for EC development using a fuzzy set approach is proposed and incorporated into the FDSS....

متن کامل

Urban Vulnerability Analysis Against earthquake hazard With the ELECTRE FUZZY method (Case Study: Karaj Metropolis)

Today, in view of the growing population and population density in urban areas, especially in densely populated and susceptible cities, the need for an inclusive and comprehensive approach to natural disasters and disasters caused by their occurrence has become more evident . Focusing more than the size of the population in specific urban areas, lack of preventive planning and lack of readiness...

متن کامل

ذخیره در منابع من

ذخیره در منابع من قبلا به منابع من ذحیره شده

{@ msg_add @}


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2008