NOTICE: Due to a lapse in annual appropriations, most of this website is not being updated. Learn more.

Form submissions will still be accepted but will not receive responses at this time. Sections of this site for programs using non-appropriated funds (such as NVLAP) or those that are excepted from the shutdown (such as CHIPS and NVD) will continue to be updated.

U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

PUBLICATIONS

Aggregating CVSS Base Scores for Semantics-Rich Network Security Metrics

Published

Author(s)

Pengsu Cheng, Lingyu Wang, Sushil Jajodia, Anoop Singhal

Abstract

A network security metric is desirable in evaluating the effectiveness of security solutions in distributed systems. Aggregating CVSS scores of individual vulnerabilities provides a practical approach to network security metric. However, existing approaches to aggregating CVSS scores usually cause useful semantics of individual scores to be lost in the aggregated result. In this apper, we address this issue through two novel approaches. First, instead of taking each base score as an input, our approach drills down to the underlying base metric level where dependency relationships have well-defined semantics. Second, our approach interprets and aggregates the base metrics from three different aspects in order to preserve corresponding semantics of the individual scores. Finally, we confirm the advantages of our approaches through simulation.
Proceedings Title
IEEE Symposium on Reliable Distributed Systems (SRDS) Conference
Conference Dates
October 8-11, 2012
Conference Location
Irvine, CA, US
Pub Type
Conferences

Download Paper

https://doi.org/10.1109/SRDS.2012.4
Local Download

Keywords

CVSS, security metrics, security risk, threats
Information technology and Cybersecurity and privacy

Citation

Cheng, P. , Wang, L. , Jajodia, S. and Singhal, A. (2012), Aggregating CVSS Base Scores for Semantics-Rich Network Security Metrics, IEEE Symposium on Reliable Distributed Systems (SRDS) Conference, Irvine, CA, US, [online], https://doi.org/10.1109/SRDS.2012.4, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=911327 (Accessed October 16, 2025)

Issues

If you have any questions about this publication or are having problems accessing it, please contact [email protected].

Created October 10, 2012, Updated October 12, 2021
Was this page helpful?