
Risk assessment of vulnerabilities exploitation

File: Risk-Assessment-of-Vulnerabilities-Exploitation.pdf (1.12 MB, Adobe PDF)


Abstract

Using the Kolmogorov–Smirnov, Cramér–von Mises and Anderson–Darling tests, and the not so commonly applied Vuong’s test, it is shown that a two-component hyperlog-logistic distribution, i.e., a mixture of two geo-max-stable log-logistic distributions, provides a good fit for the time from disclosure to update of vulnerabilities sampled from the CVEdetails.com database. It is also shown that the hyperlog-logistic distribution provides a better fit than a heavy-tailed distribution of maxima, or a log-logistic distribution, or even a heavy-tailed two-component hyperexponential distribution. Moreover, ways of incorporating uncertainty and of modeling vulnerabilities lifecycle into the Common Vulnerabilities Scoring System (CVSS), the most widely used score to assess severity of vulnerabilities, are discussed, in order to obtain an improved CVSS calculator and the evolution of a score over time.


Keywords

Vulnerabilities; Vulnerability Life-Cycle; Heavy-Tailed Distributions; Hyperlog-logistic Distribution; CVSS Modifier


Citation

Fátima Brilhante, M., Pestana, P., Luísa Rocha, M., Sequeira, F. (2024). Risk Assessment of Vulnerabilities Exploitation. In: Henriques-Rodrigues, L., Menezes, R., Machado, L.M., Faria, S., de Carvalho, M. (eds) New Frontiers in Statistics and Data Science. Springer Proceedings in Mathematics & Statistics, vol 469. Springer, Cham.
