Policy-Driven Vulnerability Risk Quantification framework for Large-Scale Cloud Infrastructure Data Security

arXiv:2604.06252v1 Announce Type: new
Abstract: The exponential growth of Common Vulnerabilities and Exposures (CVE) disclosures poses significant challenges for enterprise security management, necessitating automated and quantitative risk assessment methodologies. Existing vulnerability analysis approaches suffer from three critical limitations: (1) lack of systematic severity quantification models that integrate heterogeneous attack attributes, (2) insufficient exploration of latent correlations among risk factors, and (3) absence of cumulative risk distribution analysis for prioritized remediation. To address these challenges, we propose MVRAF (Multi-dimensional Vulnerability Risk Assessment Framework), a comprehensive data-driven framework for large-scale CVE security analysis. Our framework introduces three key innovations: (1) a Vulnerability Severity Quantification Model that transforms CVSS attributes into normalized risk metrics through weighted aggregation of exploitability and CIA impact scores, (2) a Risk Factor Correlation Analysis module that captures statistical dependencies among attack vectors, complexity, and privilege requirements via correlation matrices, and (3) an Empirical Risk Distribution mechanism that enables cumulative threat assessment for resource allocation optimization. Extensive experiments on 1,314 real-world CVE records from the National Vulnerability Database demonstrate that our framework effectively identifies risk hotspots, with 46.2% of network-based vulnerabilities classified as high-risk and strong correlations observed between CIA impacts and overall severity scores.