NIST logo

Publication Citation: Aggregating CVSS Base Scores for Semantics-Rich Network Security Metrics

NIST Authors in Bold

Author(s): Pengsu Cheng; Lingyu Wang; Sushil Jajodia; Anoop Singhal;
Title: Aggregating CVSS Base Scores for Semantics-Rich Network Security Metrics
Published: October 11, 2012
Abstract: A network security metric is desirable in evaluating the effectiveness of security solutions in distributed systems. Aggregating CVSS scores of individual vulnerabilities provides a practical approach to network security metric. However, existing approaches to aggregating CVSS scores usually cause useful semantics of individual scores to be lost in the aggregated result. In this apper, we address this issue through two novel approaches. First, instead of taking each base score as an input, our approach drills down to the underlying base metric level where dependency relationships have well-defined semantics. Second, our approach interprets and aggregates the base metrics from three different aspects in order to preserve corresponding semantics of the individual scores. Finally, we confirm the advantages of our approaches through simulation.
Proceedings: IEEE Symposium on Reliable Distributed Systems (SRDS) Conference
Pages: pp. 31 - 40
Location: Irvine, CA
Dates: October 8-11, 2012
Keywords: CVSS; security metrics; security risk; threats
Research Areas: Information Technology, Cybersecurity
DOI: http://dx.doi.org/10.1109/SRDS.2012.4  (Note: May link to a non-U.S. Government webpage)
PDF version: PDF Document Click here to retrieve PDF version of paper (461KB)