{"title":"Using neural networks to aid CVSS risk aggregation — An empirically validated approach","authors":"Alexander Beck , Stefan Rass","doi":"10.1016/j.jides.2016.10.002","DOIUrl":null,"url":null,"abstract":"<div><p>Managing risks in large information infrastructures is often tied to inevitable simplification of the system, to make a risk analysis feasible. One common way of “compacting” matters for efficient decision making is to aggregate vulnerabilities and risks identified for distinct components into an overall risk measure related to an entire subsystem and the system as a whole. Traditionally, this aggregation is done pessimistically by taking the overall risk as the maximum of all individual risks, following the heuristic understanding that the “security chain” is only as strong as its weakest link. As that method is quite wasteful of information, this work proposes a new approach, which uses neural networks to resemble human expert’s decision making in the same regard. To validate the concept, we conducted an empirical study on human expert’s risk assessments, and trained several candidate networks on the empirical data to identify the best approximation to the opinions in our expert group.</p></div>","PeriodicalId":100792,"journal":{"name":"Journal of Innovation in Digital Ecosystems","volume":"3 2","pages":"Pages 148-154"},"PeriodicalIF":0.0000,"publicationDate":"2016-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1016/j.jides.2016.10.002","citationCount":"11","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Innovation in Digital Ecosystems","FirstCategoryId":"1085","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2352664516300153","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 11
Abstract
Managing risks in large information infrastructures is often tied to inevitable simplification of the system, to make a risk analysis feasible. One common way of “compacting” matters for efficient decision making is to aggregate vulnerabilities and risks identified for distinct components into an overall risk measure related to an entire subsystem and the system as a whole. Traditionally, this aggregation is done pessimistically by taking the overall risk as the maximum of all individual risks, following the heuristic understanding that the “security chain” is only as strong as its weakest link. As that method is quite wasteful of information, this work proposes a new approach, which uses neural networks to resemble human experts’ decision making in the same regard. To validate the concept, we conducted an empirical study on human experts’ risk assessments, and trained several candidate networks on the empirical data to identify the best approximation to the opinions in our expert group.