REVS: A Vulnerability Ranking Tool for Enterprise Security
Igor Forain, Robson Albuquerque, Rafael Sousa Júnior
2022
Abstract
Information security incidents currently affect organizations worldwide. In 2021, thousands of companies suffered cyber attacks, resulting in billions of dollars in losses. Most of these events result from known vulnerabilities in information assets. However, information about those flaws is spread across several heterogeneous databases and sources, which makes risk assessment difficult. This paper proposes a Recommender Exploitation-Vulnerability System (REVS) that uses the Technique for Order Preference by Similarity to Ideal Solution (TOPSIS) to rank vulnerability-exploit pairs. REVS is a dual-purpose tool: it can pinpoint the best exploits for a pentest or the most sensitive vulnerabilities for cybersecurity staff. This paper also presents results obtained in the GNS3 emulator using data from the National Vulnerability Database (NVD), the China National Vulnerability Database (CNVD), and Vulners. The results reveal that the CNVD, despite data issues, has 23,281 vulnerability entries that are unmapped in the NVD. Moreover, this work establishes criteria to link heterogeneous vulnerability databases.
Paper Citation
in Harvard Style
Forain I., Albuquerque R. and Sousa Júnior R. (2022). REVS: A Vulnerability Ranking Tool for Enterprise Security. In Proceedings of the 24th International Conference on Enterprise Information Systems - Volume 1: ICEIS, ISBN 978-989-758-569-2, pages 126-133. DOI: 10.5220/0011068600003179
in Bibtex Style
@conference{iceis22,
author={Igor Forain and Robson Albuquerque and Rafael Sousa Júnior},
title={REVS: A Vulnerability Ranking Tool for Enterprise Security},
booktitle={Proceedings of the 24th International Conference on Enterprise Information Systems - Volume 1: ICEIS},
year={2022},
pages={126-133},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0011068600003179},
isbn={978-989-758-569-2},
}
in EndNote Style
TY - CONF
JO - Proceedings of the 24th International Conference on Enterprise Information Systems - Volume 1: ICEIS
TI - REVS: A Vulnerability Ranking Tool for Enterprise Security
SN - 978-989-758-569-2
AU - Forain I.
AU - Albuquerque R.
AU - Sousa Júnior R.
PY - 2022
SP - 126
EP - 133
DO - 10.5220/0011068600003179