NORMA eResearch @NCI Library

A Hybrid Approach to Generate Severity Scores for Prioritization of Vulnerabilities

Gusain, Vivek Singh (2024) A Hybrid Approach to Generate Severity Scores for Prioritization of Vulnerabilities. Masters thesis, Dublin, National College of Ireland.

Abstract

Cyber security originated from the presence of weaknesses in infrastructure or application components, and the term vulnerability was coined while addressing these weaknesses. Vulnerabilities need to be remediated as quickly as possible, but there must be a starting point for addressing them. Prioritization plays an important role by providing a roadmap for dealing with vulnerabilities. As a common measure, vulnerabilities can be prioritized by assigning each one a score and defining its severity level. This paper proposes a hybrid prioritization technique, the Varied Impact and Static Exploitability Rating System (VISERS). It combines the promising aspects of three other prioritization techniques, namely the Vulnerability Rating and Scoring System (VRSS), the Weighted Impact Vulnerability Scoring System (WIVSS), and the Variable Impact-Exploitability Weightage Scoring System (VIEWSS). While these techniques use the metrics from version 2.0 of the Common Vulnerability Scoring System (CVSS), our proposed technique uses the metrics from version 3.1 of CVSS to generate the base scores. A total of 9,307 vulnerabilities, published between January 2022 and June 2022, were taken from the National Vulnerability Database (NVD) to compare the base scores generated by the proposed method with those produced by the other techniques. The proposed methodology was tested and its performance was analysed on statistical measures including mean, standard deviation, skewness, kurtosis, and distinct values. VISERS yielded promising results on these statistical measures.

Item Type: Thesis (Masters)
Supervisors: Mustafa, Raza Ul (Email: UNSPECIFIED)
Subjects: Q Science > QA Mathematics > Electronic computers. Computer science
T Technology > T Technology (General) > Information Technology > Electronic computers. Computer science
Q Science > QA Mathematics > Computer software
T Technology > T Technology (General) > Information Technology > Computer software
Q Science > QA Mathematics > Computer software > Computer Security
T Technology > T Technology (General) > Information Technology > Computer software > Computer Security
Divisions: School of Computing > Master of Science in Cyber Security
Depositing User: Ciara O'Brien
Date Deposited: 30 Jul 2025 08:44
Last Modified: 30 Jul 2025 08:44
URI: https://norma.ncirl.ie/id/eprint/8319
