loading
Papers Papers/2022 Papers Papers/2022

Research.Publish.Connect.

Paper

Authors: Igor Forain ; Robson de Oliveira Albuquerque and Rafael Timóteo de Sousa Júnior

Affiliation: Professional Program in Electrical Engineering (PPEE), Dept. of Electrical Engineering (ENE), University of Brasília (UnB), Brasília, Brazil

Keyword(s): Cybersecurity, Vulnerabilities, Pentest, NVD, CNVD, TOPSIS.

Abstract: Information security incidents currently affect organizations worldwide. In 2021, thousands of companies suffered cyber attacks, resulting in billions of dollars in losses. Most of these events result from known vulnerabilities in information assets. However, several heterogeneous databases and sources host information about those flaws, turning the risk assessment difficult. This paper proposes a Recommender Exploitation-Vulnerability System (REVS) with the Technique for Order Preference by Similarity to Ideal Solution (TOPSIS) to rank vulnerability-exploit. The REVS is a dual tool that can pinpoint the best exploits to pentest or the most sensitive vulnerabilities to cybersecurity staff. This paper also presents results in the GNS3 emulator leveraging data from the National Vulnerability Database (NVD), the China National Vulnerability Database (CNVD), and Vulners. They reveal that the CNVD, despite data issues, has 23,281 vulnerabilities entries unmapped in the NVD. Moreover, this work establishes criteria to link heterogeneous vulnerability databases. (More)

CC BY-NC-ND 4.0

Sign In Guest: Register as new SciTePress user now for free.

Sign In SciTePress user: please login.

PDF ImageMy Papers

You are not signed in, therefore limits apply to your IP address 52.90.142.26

In the current month:
Recent papers: 100 available of 100 total
2+ years older papers: 200 available of 200 total

Paper citation in several formats:
Forain, I.; Albuquerque, R. and Sousa Júnior, R. (2022). REVS: A Vulnerability Ranking Tool for Enterprise Security. In Proceedings of the 24th International Conference on Enterprise Information Systems - Volume 2: ICEIS; ISBN 978-989-758-569-2; ISSN 2184-4992, SciTePress, pages 126-133. DOI: 10.5220/0011068600003179

@conference{iceis22,
author={Igor Forain. and Robson de Oliveira Albuquerque. and Rafael Timóteo de {Sousa Júnior}.},
title={REVS: A Vulnerability Ranking Tool for Enterprise Security},
booktitle={Proceedings of the 24th International Conference on Enterprise Information Systems - Volume 2: ICEIS},
year={2022},
pages={126-133},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0011068600003179},
isbn={978-989-758-569-2},
issn={2184-4992},
}

TY - CONF

JO - Proceedings of the 24th International Conference on Enterprise Information Systems - Volume 2: ICEIS
TI - REVS: A Vulnerability Ranking Tool for Enterprise Security
SN - 978-989-758-569-2
IS - 2184-4992
AU - Forain, I.
AU - Albuquerque, R.
AU - Sousa Júnior, R.
PY - 2022
SP - 126
EP - 133
DO - 10.5220/0011068600003179
PB - SciTePress