软件漏洞可利用性评估调查

IF 23.8 1区计算机科学 Q1 COMPUTER SCIENCE, THEORY & METHODS ACM Computing Surveys Pub Date : 2024-03-20 DOI:10.1145/3648610

Sarah Elder, Rayhanur Rahman, Gage Fringer, Kunal Kapoor, Laurie Williams

{"title":"软件漏洞可利用性评估调查","authors":"Sarah Elder, Rayhanur Rahman, Gage Fringer, Kunal Kapoor, Laurie Williams","doi":"10.1145/3648610","DOIUrl":null,"url":null,"abstract":"Knowing the exploitability and severity of software vulnerabilities helps practitioners prioritize vulnerability mitigation efforts. Researchers have proposed and evaluated many different exploitability assessment methods. The goal of this research is to assist practitioners and researchers in understanding existing methods for assessing vulnerability exploitability through a survey of exploitability assessment literature. We identify three exploitability assessment approaches: assessments based on original, manual CVSS, automated Deterministic assessments, and automated Probabilistic assessments. Other than the original CVSS, the two most common subcategories are Deterministic, Program-State-Based, and Probabilistic Learning Model (LM) Assessments.","PeriodicalId":50926,"journal":{"name":"ACM Computing Surveys","volume":null,"pages":null},"PeriodicalIF":23.8000,"publicationDate":"2024-03-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"A Survey on Software Vulnerability Exploitability Assessment\",\"authors\":\"Sarah Elder, Rayhanur Rahman, Gage Fringer, Kunal Kapoor, Laurie Williams\",\"doi\":\"10.1145/3648610\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Knowing the exploitability and severity of software vulnerabilities helps practitioners prioritize vulnerability mitigation efforts. Researchers have proposed and evaluated many different exploitability assessment methods. The goal of this research is to assist practitioners and researchers in understanding existing methods for assessing vulnerability exploitability through a survey of exploitability assessment literature. We identify three exploitability assessment approaches: assessments based on original, manual CVSS, automated Deterministic assessments, and automated Probabilistic assessments. Other than the original CVSS, the two most common subcategories are Deterministic, Program-State-Based, and Probabilistic Learning Model (LM) Assessments.\",\"PeriodicalId\":50926,\"journal\":{\"name\":\"ACM Computing Surveys\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":23.8000,\"publicationDate\":\"2024-03-20\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"ACM Computing Surveys\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://doi.org/10.1145/3648610\",\"RegionNum\":1,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, THEORY & METHODS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM Computing Surveys","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1145/3648610","RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, THEORY & METHODS","Score":null,"Total":0}

引用次数: 0

摘要

了解软件漏洞的可利用性和严重性有助于从业人员确定漏洞缓解工作的优先次序。研究人员提出并评估了许多不同的可利用性评估方法。本研究的目的是通过对漏洞可利用性评估文献的调查，帮助从业人员和研究人员了解现有的漏洞可利用性评估方法。我们确定了三种可利用性评估方法：基于原始手工 CVSS 的评估、自动确定性评估和自动概率评估。除原始 CVSS 外，最常见的两个子类别是确定性评估、基于程序状态的评估和概率学习模型 (LM) 评估。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

A Survey on Software Vulnerability Exploitability Assessment

Knowing the exploitability and severity of software vulnerabilities helps practitioners prioritize vulnerability mitigation efforts. Researchers have proposed and evaluated many different exploitability assessment methods. The goal of this research is to assist practitioners and researchers in understanding existing methods for assessing vulnerability exploitability through a survey of exploitability assessment literature. We identify three exploitability assessment approaches: assessments based on original, manual CVSS, automated Deterministic assessments, and automated Probabilistic assessments. Other than the original CVSS, the two most common subcategories are Deterministic, Program-State-Based, and Probabilistic Learning Model (LM) Assessments.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

ACM Computing Surveys 工程技术-计算机：理论方法

CiteScore

33.20

自引率

0.60%

发文量

372

审稿时长

12 months

期刊介绍： ACM Computing Surveys is an academic journal that focuses on publishing surveys and tutorials on various areas of computing research and practice. The journal aims to provide comprehensive and easily understandable articles that guide readers through the literature and help them understand topics outside their specialties. In terms of impact, CSUR has a high reputation with a 2022 Impact Factor of 16.6. It is ranked 3rd out of 111 journals in the field of Computer Science Theory & Methods. ACM Computing Surveys is indexed and abstracted in various services, including AI2 Semantic Scholar, Baidu, Clarivate/ISI: JCR, CNKI, DeepDyve, DTU, EBSCO: EDS/HOST, and IET Inspec, among others.

期刊最新文献

How to Improve Video Analytics with Action Recognition: A Survey When Federated Learning Meets Privacy-Preserving Computation A review and benchmark of feature importance methods for neural networks Enabling Technologies and Techniques for Floor Identification A Comprehensive Analysis of Explainable AI for Malware Hunting