A novel approach to continuous CVE analysis on enterprise operating systems for system vulnerability assessment


Kocaman Y., Gönen S., Barişkan M. A., Karacayilmaz G., Yılmaz E. N.

International Journal of Information Technology (Singapore), cilt.14, sa.3, ss.1433-1443, 2022 (Scopus) identifier

  • Yayın Türü: Makale / Tam Makale
  • Cilt numarası: 14 Sayı: 3
  • Basım Tarihi: 2022
  • Doi Numarası: 10.1007/s41870-021-00840-6
  • Dergi Adı: International Journal of Information Technology (Singapore)
  • Derginin Tarandığı İndeksler: Scopus
  • Sayfa Sayıları: ss.1433-1443
  • Anahtar Kelimeler: CVE, Cyber security, Security analysis, Vulnerability assessment, Vulnerability database
  • İstanbul Gelişim Üniversitesi Adresli: Evet

Özet

Advances in information and technology have provided great opportunities and conveniences for human life. However, with this process, attackers have switched to cyberspace due to various factors such as anonymity, easy attack tools, and non-deterrent penalties. For this reason, various methods have been developed to protect systems from cyber-attacks. One of the most important methods is the continuity-based vulnerability analysis of the systems and the network created by the systems, even for emerging threats. In this study, the current and comprehensive list of vulnerabilities created by combining the data obtained from different CVE sources is compared with the packages on the operating system. In this way, it is possible to obtain information about the system’s current openness status and take precautions. The analyzes have been carried out on Ubuntu operating system; however, the study can be adapted to other operating systems and larger systems by following the implementation phases of the proposed method.