VulDistilBERT: A CPS Vulnerability Severity Prediction Method Based on Distillation Model
Table 1
Description and possible values for base metric group of CVSS. The metric names in this table will be referred to by abbreviations and ID number in [11].
ID
Metric
Description
Possible values
0
Attack vector (AV)
This metric represents the conditions under which exploiting vulnerability is conceivable. The farther an attacker may exploit a susceptible component, the higher this metric
Physical
Network
Local
Adjacent
1
Attack complexity (AC)
This metric reflects the attacker-uncontrolled circumstances needed to exploit the vulnerability
Low
High
2
Privileges required (PR)
This metric represents an attacker’s privilege before exploitation. The score is the highest when no privileges are necessary
None
Low
High
3
User interaction (UI)
This metric represents the necessity for a human user other than the attacker to be involved in the successful penetration of the susceptible component
Required
None
4
Scope (S)
This metric measures whether one component’s vulnerability impacts other components’ resources
Unchanged
Changed
5
Confidentiality (C)
This metric quantifies the confidentiality of a successfully exploited vulnerability on the component most directly and predictably affected by the attack
None
Low
High
6
Integrity (I)
This metric represents vulnerability’s influence on integrity. Integrity means truthfulness and trustworthiness
None
Low
High
7
Availability (A)
This metric assesses a vulnerability’s influence on a component’s availability
