Högskolan i Skövde

Towards automatic discovery and assessment of vulnerability severity in cyber-physical systems
University of Skövde, School of Informatics. University of Skövde, Informatics Research Environment. (Distributed Real-Time Systems (DRTS)) ORCID iD: 0000-0003-4791-8452
University of Skövde, School of Informatics. University of Skövde, Informatics Research Environment. (Distributed Real-Time Systems (DRTS)) ORCID iD: 0000-0002-7312-9089
2022 (English). In: Array, E-ISSN 2590-0056, Vol. 15, article id 100209. Article in journal (Refereed). Published
Abstract [en]

Despite their wide proliferation, complex cyber–physical systems (CPSs) are subject to cybersecurity vulnerabilities and potential attacks. Vulnerability assessment for such complex systems is challenging, partly due to the discrepancy among mechanisms used to evaluate their cyber-security weakness levels. Several sources report these weaknesses, such as the National Vulnerability Database (NVD) and manufacturer websites, besides other security scanning advisories such as Cyber Emergency Response Team (CERT) and Shodan databases. However, these multiple sources are found to face inconsistency issues, especially in terms of vulnerability severity scores. We advocate an artificial-intelligence-based approach to streamline the computation of vulnerability severity magnitudes. This approach decreases the error rate induced by the manual calculation processes that are traditionally used in cybersecurity analysis. Popular repositories such as NVD and SecurityFocus are employed to validate the proposed approach, assisted by a query method to retrieve vulnerability instances. In doing so, we report discovered correlations among reported vulnerability scores to infer consistent magnitude values of vulnerability instances. The method is applied to a case study featuring a CPS application to illustrate the automation of the proposed vulnerability scoring mechanism, used to mitigate cybersecurity weaknesses.

Place, publisher, year, edition, pages
Elsevier, 2022. Vol. 15, article id 100209
Keywords [en]
Cybersecurity, Text-mining, Cyber-physical system, Vulnerability analysis, CVSS
National Category
Computer Engineering
Research subject
Distributed Real-Time Systems
Identifiers
URN: urn:nbn:se:his:diva-21409
DOI: 10.1016/j.array.2022.100209
ISI: 001140488800009
Scopus ID: 2-s2.0-85133584882
OAI: oai:DiVA.org:his-21409
DiVA, id: diva2:1676785
Note

CC BY 4.0

This research has been supported in part by EU ISF (Internal Security Fund) in the context of Project Grant #A431.678/2016.

Available from: 2022-06-27 Created: 2022-06-27 Last updated: 2024-08-01 Bibliographically approved

Open Access in DiVA

fulltext (1741 kB), 389 downloads
File information
File name: FULLTEXT01.pdf. File size: 1741 kB. Checksum SHA-512:
ac865779dd5b32440dfc24fb561750bcc0a7462652e2119da7df79e9fbbe3135df5edff519a9b149ded23d9c8f4f4fd46ebf8d8ad245e57cc4e8288c7a5c9407
Type: fulltext. Mimetype: application/pdf

Authority records

Jiang, Yuning; Atif, Yacine
