A Fuzzy Risk Calculations Approach for a Network Vulnerability Ranking System

Authors
  1. Dondo, M.
Corporate Authors
Defence R&D Canada - Ottawa, Ottawa ONT (CAN)
Abstract
In this work, we present a fuzzy systems approach for assessing the relative risk associated with computer network assets. We use this approach to rank vulnerabilities so that analysts can prioritise their work based on the potential risk exposures of assets and networks. We associate vulnerabilities with individual assets, and therefore networks, and develop fuzzy models of the vulnerability attributes. We use fuzzy rules to make an inference on the risk exposure and the likelihood of attack, which allows us to rank the vulnerabilities and show which ones need more immediate attention. We argue that our approach has more meaningful vulnerability prioritisation values than the severity level calculated by the popularly used Common Vulnerability Scoring System (CVSS) approach.

There is a French abstract here.

Report Number
DRDC-OTTAWA-TM-2007-090 — Technical Memorandum
Date of publication
01 May 2007
Number of Pages
64
DSTKIM No
CA029354
CANDIS No
527632
Format(s):
CD ROM
