Abstract
Vulnerability assessment is one of the important topics in cyberspace security, which mainly includes threat assessment, risk level assessment, vulnerability rating score, etc. CVSS (Common Vulnerability Scoring System) is a commonly used vulnerability assessment method in academia and industry. However, CVSS has the following problems. First, CVSS is not very versatile in practical scoring. The value of the metrics will be different depending on the people with different domain knowledge and different working experience, which will lead to error in the final score. Second, the weight of CVSS metrics is more subjective. To reduce scoring error, in this paper, we propose a CVSS-based vulnerability assessment method to reduce the dimension of vulnerability metrics. This method contains a vulnerability evaluation model based on decision tree, which can reduce the error caused by manual scoring. The experiments show that the reduction of vulnerability metrics leads to a reduction in scoring error.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
