Vulnerability Assessment Combining CVSS Temporal Metrics and Bayesian Networks
- URL: http://arxiv.org/abs/2506.18715v1
- Date: Mon, 23 Jun 2025 14:53:17 GMT
- Title: Vulnerability Assessment Combining CVSS Temporal Metrics and Bayesian Networks
- Authors: Stefano Perone, Simone Guarino, Luca Faramondi, Roberto Setola
- Abstract summary: This work presents an innovative approach by incorporating the temporal dimension into vulnerability assessment. The proposed approach dynamically computes the Temporal Score and updates the CVSS Base Score by processing data on exploits and fixes from vulnerability databases.
- Score: 0.0
- License: http://creativecommons.org/licenses/by-nc-nd/4.0/
- Abstract: Vulnerability assessment is a critical challenge in cybersecurity, particularly in industrial environments. This work presents an innovative approach by incorporating the temporal dimension into vulnerability assessment, an aspect neglected in existing literature. Specifically, this paper focuses on refining vulnerability assessment and prioritization by integrating Common Vulnerability Scoring System (CVSS) Temporal Metrics with Bayesian Networks to account for exploit availability, remediation efforts, and confidence in reported vulnerabilities. Through probabilistic modeling, Bayesian networks enable a structured and adaptive evaluation of vulnerabilities, allowing for more accurate prioritization and decision-making. The proposed approach dynamically computes the Temporal Score and updates the CVSS Base Score by processing data on exploits and fixes from vulnerability databases.
Related papers
- VLAI: A RoBERTa-Based Model for Automated Vulnerability Severity Classification [49.1574468325115]
Built on RoBERTa, VLAI is fine-tuned on over 600,000 real-world vulnerabilities. The model and dataset are open-source and integrated into the Vulnerability-Lookup service.
arXiv Detail & Related papers (2025-07-04T14:28:14Z)
- VulStamp: Vulnerability Assessment using Large Language Model [28.25412570467278]
VulStamp is a novel intention-guided framework to facilitate description-free vulnerability assessment. Based on the intention information, VulStamp uses a prompt-tuned model for vulnerability assessment.
arXiv Detail & Related papers (2025-06-13T06:14:56Z)
- An Accurate and Efficient Vulnerability Propagation Analysis Framework [13.051314477680902]
We propose a novel approach to quantify the scope and evolution of vulnerability impacts in software supply chains. We implement a prototype of our approach in the Java Maven ecosystem and evaluate it on 100 real-world vulnerabilities.
arXiv Detail & Related papers (2025-06-02T05:55:45Z)
- Aurora: Are Android Malware Classifiers Reliable under Distribution Shift? [51.12297424766236]
AURORA is a framework to evaluate malware classifiers based on their confidence quality and operational resilience. AURORA is further complemented by a set of metrics designed to go beyond point-in-time performance. The fragility we observe in state-of-the-art frameworks suggests the need for a return to the whiteboard.
arXiv Detail & Related papers (2025-05-28T20:22:43Z)
- REVAL: A Comprehension Evaluation on Reliability and Values of Large Vision-Language Models [59.445672459851274]
REVAL is a comprehensive benchmark designed to evaluate the REliability and VALue of Large Vision-Language Models. REVAL encompasses over 144K image-text Visual Question Answering (VQA) samples, structured into two primary sections: Reliability and Values. We evaluate 26 models, including mainstream open-source LVLMs and prominent closed-source models like GPT-4o and Gemini-1.5-Pro.
arXiv Detail & Related papers (2025-03-20T07:54:35Z)
- Beyond the Surface: An NLP-based Methodology to Automatically Estimate CVE Relevance for CAPEC Attack Patterns [42.63501759921809]
We propose a methodology leveraging Natural Language Processing (NLP) to associate Common Vulnerabilities and Exposures (CVE) vulnerabilities with Common Attack Pattern Enumeration and Classification (CAPEC) attack patterns. Experimental evaluations demonstrate superior performance compared to state-of-the-art models.
arXiv Detail & Related papers (2025-01-13T08:39:52Z)
- SecScore: Enhancing the CVSS Threat Metric Group with Empirical Evidences [0.0]
One of the most widely used vulnerability scoring systems (CVSS) does not address the increasing likelihood of exploit code emerging.
We present SecScore, an innovative vulnerability severity score that enhances the CVSS Threat metric group.
arXiv Detail & Related papers (2024-05-14T12:25:55Z)
- Profile of Vulnerability Remediations in Dependencies Using Graph Analysis [40.35284812745255]
This research introduces graph analysis methods and a modified Graph Attention Convolutional Neural Network (GAT) model.
We analyze control flow graphs to profile breaking changes in applications occurring from dependency upgrades intended to remediate vulnerabilities.
Results demonstrate the effectiveness of the enhanced GAT model in offering nuanced insights into the relational dynamics of code vulnerabilities.
arXiv Detail & Related papers (2024-03-08T02:01:47Z)
- Automated CVE Analysis for Threat Prioritization and Impact Prediction [4.540236408836132]
We introduce our novel predictive model and tool (called CVEDrill) which revolutionizes CVE analysis and threat prioritization.
CVEDrill accurately estimates the Common Vulnerability Scoring System (CVSS) vector for precise threat mitigation and priority ranking.
It seamlessly automates the classification of CVEs into the appropriate Common Weakness Enumeration (CWE) hierarchy classes.
arXiv Detail & Related papers (2023-09-06T14:34:03Z)
- Bayesian Optimization with Machine Learning Algorithms Towards Anomaly Detection [66.05992706105224]
In this paper, an effective anomaly detection framework is proposed utilizing Bayesian Optimization technique.
The performance of the considered algorithms is evaluated using the ISCX 2012 dataset.
Experimental results show the effectiveness of the proposed framework in terms of accuracy rate, precision, low-false alarm rate, and recall.
arXiv Detail & Related papers (2020-08-05T19:29:35Z)
- On Improving Temporal Consistency for Online Face Liveness Detection [43.3347240592507]
We focus on improving the online face liveness detection system to enhance the security of the downstream face recognition system.
To address the issue, a simple yet effective solution based on temporal consistency is proposed.
In the training stage, to integrate the temporal consistency constraint, a temporal self-supervision loss and a class consistency loss are proposed.
In the deployment stage, a training-free non-parametric uncertainty estimation module is developed to smooth the predictions adaptively.
arXiv Detail & Related papers (2020-06-11T19:19:47Z)
This list is automatically generated from the titles and abstracts of the papers in this site.