Optimization of hierarchical vulnerability assessment method

Abstract

Network vulnerability assessment has carried out a certain degree of research work in relative field. The common method for vulnerability assessment is hierarchical asset vulnerability assessment, in which vulnerability value is fixed and the weight of service is subjective. Thus the accuracy of calculation depends on experience and judgment. In this paper, according to CVSS (Common Vulnerability Assessment System) theory, a method that takes environment factors into consideration is proposed for asset vulnerability assessment using information collected by vulnerability scanning tool. As an optimization of original method, this method is more accurate than original method.