Full Program
Summary:
Vulnerability assessment is a critical challenge in cybersecurity, particularly in industrial environments. This work presents an innovative approach by incorporating the temporal dimension into vulnerability assessment, an aspect neglected in existing literature. Specifically, this paper focuses on refining vulnerability assessment and prioritization by integrating Common Vulnerability Scoring System (CVSS) Temporal Metrics with Bayesian Networks to account for exploit availability, remediation efforts, and confidence in reported vulnerabilities. Through probabilistic modeling, Bayesian networks enable a structured and adaptive evaluation of vulnerabilities, allowing for more accurate prioritization and decision-making. The proposed approach dynamically computes the Temporal Score and updates the CVSS Base Score by processing data on exploits and fixes from vulnerability databases. In the case study, we apply this approach to an industrial infrastructure modeled using the Purdue Model. The dependencies among vulnerabilities are then modeled through a Bayesian Attack Graph (BAG) to compute the posterior exploitation probabilities at each BAG node.Author(s):
Stefano Perone
Campus Bio-Medico University
Italy
Simone Guarino
Campus Bio-Medico University
Italy
Luca Faramondi
Campus Bio-Medico University
Italy
Roberto Setola
Campus Bio-Medico University
Italy