his.sePublications
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Automatic CVSS classification: Automatic classification of CVSS score
University of Skövde, School of Informatics.
2019 (English)Independent thesis Basic level (degree of Bachelor), 20 credits / 30 HE creditsStudent thesisAlternative title
Automatisk CVSS klassifikation : Automatisk klassificering av CVSS betyg (Swedish)
Abstract [en]

With a growing amount of information security incidents around the world, organizationsneed to manage information security more efficiently. A way to enable organizations to improve their information security management is to utilize decision support systems in information security. Previous studies has presented promising capabilities in machine learning models for analysis of security vulnerabilities with the industry standard Common Vulnerability Scoring System 2.0. These studies hashowever used the older version of the scoring system, and not in all cases fully automated the entire analysis process. This research conducts an experiment which indicates that the newer scoring system, Common Vulnerability Scoring System 3.0 is possible to automate with machine learning models. The machine learning models in this study perform similarly and in some cases slightly better than the previous studies. This study presents the possibility of a completely automated scoring system, the study presents a high positive correlation of 0.7 with classifications from the recognized information security database NVD which publishes information security analyses for vulnerabilities in systems.

Place, publisher, year, edition, pages
2019. , p. 42
Keywords [en]
Information Security, Machine Learning, CVSS
National Category
Information Systems
Identifiers
URN: urn:nbn:se:his:diva-16981OAI: oai:DiVA.org:his-16981DiVA, id: diva2:1321351
Subject / course
Informationsteknologi
Educational program
Information Systems - Business Intelligence
Supervisors
Examiners
Available from: 2019-06-11 Created: 2019-06-07 Last updated: 2019-06-11Bibliographically approved

Open Access in DiVA

No full text in DiVA

Search in DiVA

By author/editor
Flodihn, Marcus
By organisation
School of Informatics
Information Systems

Search outside of DiVA

GoogleGoogle Scholar

urn-nbn

Altmetric score

urn-nbn
Total: 42 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf