Journal of Universal Computer Science (Sep 2024)

Using CVSS scores can make more informed and more adapted Intrusion Detection Systems

  • Robin Duraz,
  • David Espes,
  • Julien Francq,
  • Sandrine Vaton

DOI
https://doi.org/10.3897/jucs.131659
Journal volume & issue
Vol. 30, no. 9
pp. 1244 – 1264

Abstract

Read online Read online Read online

Intrusion Detection Systems (IDSs) are essential cybersecurity components. Previous cyberattack detection methods relied more on signatures and rules to detect cyberattacks, although there has been a change in paradigm in the last decade, with Machine Learning (ML) enabling more efficient and flexible statistical methods. However, ML often suffers from the lack of, and proper use of, cybersecurity information, be they for proper evaluation or even improving performance. This paper shows that using a de facto standard in cybersecurity: the Common Vulnerability Scoring System (CVSS), can improve IDSs at different levels, from helping in training an IDS, to more properly evaluating its performance, even taking into account systems with different protection requirements. This paper introduces Cyber Informedness, a new metric considering cybersecurity information to give a more informed representation of performance, influenced by the severity of the attacks encountered. Consequently, this metric is also able to differentiate performance of IDSs when security requirements, Confidentiality, Integrity and Availability, are defined using CVSS’ environmental parameters. Finally, sub-parts of this metric can be integrated into the training phase’s loss of Neural Networks (NNs)-based IDSs to build IDSs that better detect more severe attacks.

Keywords