Portal de Programas de Pós-Graduação (UnB)

SIGAA - Sistema Integrado de Gestão de Atividades Acadêmicas

PPEE PROGRAMA DE PÓS-GRADUAÇÃO PROFISSIONAL EM ENGENHARIA ELÉTRICA DEPTO ENGENHARIA ELETRICA Phone: Not available E-mail: Not available https://www.unb.br/pos-graduacao

Banca de DEFESA: Igor Forain de Sá Freire

Uma banca de DEFESA de MESTRADO foi cadastrada pelo programa.
STUDENT : Igor Forain de Sá Freire
DATE: 18/11/2022
TIME: 16:00
LOCAL: TEAMS
TITLE:

Cyber Awareness and Security: Comparison of National Vulnerability and Exploit Databases

KEY WORDS:

Não informado

PAGES: 96
BIG AREA: Engenharias
AREA: Engenharia Elétrica
SUMMARY:

Cyber attacks are a ubiquitous reality nowadays, affecting organizations and countries worldwide. In 2021, information security incidents resulted in billions of dollars in losses. Most of those events result from known vulnerabilities in information technology assets. However, several heterogeneous databases and sources host information about those flaws, turning the risk assessment difficult. Despite massive vulnerability databases that are respectively supported by the USA and China governments, they differ in operation and coverage, which hinders and turns uncertain risk assessment processes. This work proposes a methodology to compare the USA National Vulnerability Database (NVD), the China National Vulnerability Database (CNVD), the China National Vulnerability Database of Information Security (CNNVD), and the Exploit Database (EDB). The results reveal that the CNNVD has 1,661 vulnerabilities entries more than the NVD and at least 40 more entries regarding Chinese vendors. Besides, they show a temporal correlation of 0.917560 with 70% of text similarity between the NVD and CNNVD, indicating that despite the latter tracking the former, it is not an automatic translation of the NVD. Moreover, this work proposes a Recommender Exploitation-Vulnerability System (REVS) with the Technique for Order Preference by Similarity to Ideal Solution (TOPSIS) using entropy-based weighting to rank vulnerability-exploit. REVS works as a network scanning and recommender system leveraging a mix of national vulnerability and exploit databases. Experiments evaluated in the GNS3 emulator show that this work approach identifies nine more vulnerabilities than the commercial tool Vulners and that the exploit features are more important criteria than the Common Vulnerability Scoring System (CVSS) parameters to rank vulnerabilities. To the best of the authors’ knowledge, this work is the first to normalize and compare the NVD, CNVD, CNNVD, and EDB, showing that the Chinese national vulnerability databases are leveraging exploit data to infer reserved status CVEs.

BANKING MEMBERS:
Externo à Instituição - MARIO ANTONIO RIBEIRO DANTAS
Interno - 2363646 - RAFAEL RABELO NUNES
Interno - 2201912 - RAFAEL TIMOTEO DE SOUSA JUNIOR

Notícia cadastrada em: 07/11/2022 13:29