REVS: A Vulnerability Ranking Tool for Enterprise Security

Igor Forain, Robson Albuquerque, Rafael Sousa Júnior

2022

Abstract

Information security incidents currently affect organizations worldwide. In 2021, thousands of companies suffered cyber attacks, resulting in billions of dollars in losses. Most of these events result from known vulnerabilities in information assets. However, information about those flaws is spread across several heterogeneous databases and sources, which makes risk assessment difficult. This paper proposes a Recommender Exploitation-Vulnerability System (REVS) that uses the Technique for Order Preference by Similarity to Ideal Solution (TOPSIS) to rank vulnerability-exploit pairs. REVS is a dual-use tool: it can pinpoint the best exploits for pentesting or the most sensitive vulnerabilities for cybersecurity staff. This paper also presents results obtained in the GNS3 emulator using data from the National Vulnerability Database (NVD), the China National Vulnerability Database (CNVD), and Vulners. The results reveal that the CNVD, despite data issues, has 23,281 vulnerability entries unmapped in the NVD. Moreover, this work establishes criteria to link heterogeneous vulnerability databases.


Paper Citation


in Harvard Style

Forain I., Albuquerque R. and Sousa Júnior R. (2022). REVS: A Vulnerability Ranking Tool for Enterprise Security. In Proceedings of the 24th International Conference on Enterprise Information Systems - Volume 1: ICEIS, ISBN 978-989-758-569-2, pages 126-133. DOI: 10.5220/0011068600003179


in Bibtex Style

@conference{iceis22,
author={Igor Forain and Robson Albuquerque and Rafael Sousa Júnior},
title={REVS: A Vulnerability Ranking Tool for Enterprise Security},
booktitle={Proceedings of the 24th International Conference on Enterprise Information Systems - Volume 1: ICEIS},
year={2022},
pages={126-133},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0011068600003179},
isbn={978-989-758-569-2},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 24th International Conference on Enterprise Information Systems - Volume 1: ICEIS
TI - REVS: A Vulnerability Ranking Tool for Enterprise Security
SN - 978-989-758-569-2
AU - Forain I.
AU - Albuquerque R.
AU - Sousa Júnior R.
PY - 2022
SP - 126
EP - 133
DO - 10.5220/0011068600003179