Logo do repositório
 
Miniatura
Publicação

Classification and scoring approach of lot threats

2025Dissertação de mestrado Acesso aberto
http://hdl.handle.net/10400.5/116648
Utilize este identificador para referenciar este registo.
Nome:Descrição:Tamanho:Formato: 
TM_Nuno_Vieira.pdf1.3 MBAdobe PDF Ver/Abrir

Autores

Vieira, Nuno Bernardo Camacho Vieira

Orientador(es)

Resumo(s)

With the ever-evolving concern over security in computer science, particularly in the domain of Internet of Things (IoT), systems have been developed to track existing attacks and their severity. The current standard for tracking system exploits severity is the Common Vulnerability Scoring System (CVSS). When a new version of this system is released, older classifications cannot be used for direct comparison, this necessitates the creation of a conversion process. This translation is complex, and a manual conversion can lead to errors and biased conversions. Since version four is the most recent and there is no complete conversion among the previous versions, in this work, we propose a new methodology that can take older classifications from version (3.x) and convert them to the latest release. Our methodology is based on a machine learning approach that considers multiple machine learning techniques and, based on a unanimous vote, estimates a classification. Our proposed method achieves an average accuracy of 76.36%, and after performing a 5-fold cross-validation, an average accuracy of 98.90% was obtained. Along with the proposed conversion system, we also explored the use of a finetuned Large Language Model (LLM) to automatically evaluate the severity of a given attack, using only the attack’s description, as well as being able to adjust the attack severity based on the context of the system environment, using this proposed method we were able to achieve a scoring deviation of 1.058 points from our ground truth, and after performing a 5-fold cross-validation, an average of 1.261 points deviation was obtained for correctly classifying the severity of a given attack. Additionally, by considering the system’s environment context, we were able to achieve a deviation of 1.20 points from our ground truth.

Descrição

Tese de Mestrado, Engenharia Informática, 2025, Universidade de Lisboa, Faculdade de Ciências

Palavras-chave

IoT Security CVSS Conversion CVE

URI

http://hdl.handle.net/10400.5/116648

Contexto Educativo

Citação

Projetos de investigação

Unidades organizacionais

Fascículo

Editora

Coleções

Pure > Dspace
PURE > Dspace - Faculdade de Ciências

Licença CC