Using CVSS scores can make more informed and more adapted Intrusion Detection Systems
Published in | J.UCS (Annual print and CD-ROM archive ed.) Vol. 30; no. 9; pp. 1244 - 1264 |
---|---|
Main Authors | , , , |
Format | Journal Article |
Language | English |
Published | Bristol Pensoft Publishers 14.09.2024 Graz University of Technology, Institut für Informationssysteme und Computer Medien Graz University of Technology |
Summary: | Intrusion Detection Systems (IDSs) are essential cybersecurity components. Previous cyberattack detection methods relied more on signatures and rules to detect cyberattacks, although there has been a change in paradigm in the last decade, with Machine Learning (ML) enabling more efficient and flexible statistical methods. However, ML often suffers from the lack of, and proper use of, cybersecurity information, be they for proper evaluation or even improving performance. This paper shows that using a de facto standard in cybersecurity: the Common Vulnerability Scoring System (CVSS), can improve IDSs at different levels, from helping in training an IDS, to more properly evaluating its performance, even taking into account systems with different protection requirements. This paper introduces Cyber Informedness, a new metric considering cybersecurity information to give a more informed representation of performance, influenced by the severity of the attacks encountered. Consequently, this metric is also able to differentiate performance of IDSs when security requirements, Confidentiality, Integrity and Availability, are defined using CVSS' environmental parameters. Finally, sub-parts of this metric can be integrated into the training phase's loss of Neural Networks (NNs)-based IDSs to build IDSs that better detect more severe attacks. |
---|---|
ISSN: | 0948-695X 0948-6968 |
DOI: | 10.3897/jucs.131659 |