Using CVSS scores can make more informed and more adapted Intrusion Detection Systems

Abstract

Read online Read online Read online

Intrusion Detection Systems (IDSs) are essential cybersecurity components. Previous cyberattack detection methods relied more on signatures and rules to detect cyberattacks, although there has been a change in paradigm in the last decade, with Machine Learning (ML) enabling more efficient and flexible statistical methods. However, ML often suffers from the lack of, and proper use of, cybersecurity information, be they for proper evaluation or even improving performance. This paper shows that using a de facto standard in cybersecurity: the Common Vulnerability Scoring System (CVSS), can improve IDSs at different levels, from helping in training an IDS, to more properly evaluating its performance, even taking into account systems with different protection requirements. This paper introduces Cyber Informedness, a new metric considering cybersecurity information to give a more informed representation of performance, influenced by the severity of the attacks encountered. Consequently, this metric is also able to differentiate performance of IDSs when security requirements, Confidentiality, Integrity and Availability, are defined using CVSS’ environmental parameters. Finally, sub-parts of this metric can be integrated into the training phase’s loss of Neural Networks (NNs)-based IDSs to build IDSs that better detect more severe attacks.

Keywords

• Cybersecurity
• Metrics
• Machine Learning
• Intrusio