A novel approach to continuous CVE analysis on enterprise operating systems for system vulnerability assessment

Kocaman Y., Gönen S., Barişkan M. A., Karacayilmaz G., YILMAZ E. N.

International Journal of Information Technology (Singapore), vol.14, no.3, pp.1433-1443, 2022 (Scopus) identifier


© 2022, The Author(s), under exclusive licence to Bharati Vidyapeeth's Institute of Computer Applications and Management.Advances in information and technology have provided great opportunities and conveniences for human life. However, with this process, attackers have switched to cyberspace due to various factors such as anonymity, easy attack tools, and non-deterrent penalties. For this reason, various methods have been developed to protect systems from cyber-attacks. One of the most important methods is the continuity-based vulnerability analysis of the systems and the network created by the systems, even for emerging threats. In this study, the current and comprehensive list of vulnerabilities created by combining the data obtained from different CVE sources is compared with the packages on the operating system. In this way, it is possible to obtain information about the system’s current openness status and take precautions. The analyzes have been carried out on Ubuntu operating system; however, the study can be adapted to other operating systems and larger systems by following the implementation phases of the proposed method.