Artificial intelligence: a modern approach
Artificial intelligence: a modern approach
A graph-based system for network-vulnerability analysis
Proceedings of the 1998 workshop on New security paradigms
A requires/provides model for computer attacks
Proceedings of the 2000 workshop on New security paradigms
Scalable, graph-based network vulnerability analysis
Proceedings of the 9th ACM conference on Computer and communications security
Model-based analysis of configuration vulnerabilities
Journal of Computer Security
Representing TCP/IP Connectivity For Topological Analysis of Network Security
ACSAC '02 Proceedings of the 18th Annual Computer Security Applications Conference
Automated Generation and Analysis of Attack Graphs
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Using Model Checking to Analyze Network Vulnerabilities
SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
An Intrusion Alert Correlator Based on Prerequisites of Intrusions
An Intrusion Alert Correlator Based on Prerequisites of Intrusions
Active Vulnerability Assessment of Computer Networks by Simulation of Complex Remote Attacks
ICCNMC '03 Proceedings of the 2003 International Conference on Computer Networks and Mobile Computing
NetKuang: a multi-host configuration vulnerability checker
SSYM'96 Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6
Enterprise Information Systems
EVMAT: an OVAL and NVD based enterprise vulnerability modeling and assessment tool
Proceedings of the 49th Annual Southeast Regional Conference
A multi-layer tree model for enterprise vulnerability management
Proceedings of the 2011 conference on Information technology education
Hi-index | 0.00 |
Many security problems are caused by vulnerabilities hidden in enterprise computer networks. It is very important for system administrators to have knowledge about the security vulnerabilities. However, current vulnerability assessment methods may encounter the issues of high false positive rates, long computational time, and requirement of developing attack codes. Moreover, they are only capable of locating individual vulnerabilities on a single host without considering correlated effect of these vulnerabilities on a host or a section of network with the vulnerabilities possibly distributed among different hosts. To address these issues, an active vulnerability assessment system NetScope with C/S architecture is developed for evaluating computer network security based on open vulnerability assessment language instead of simulating attacks. The vulnerabilities and known attacks with their prerequisites and consequences are modeled based on predicate logic theory and are correlated so as to automatically construct potential attack paths with strong operation power of relational database management system. The testing results from a series of experiments show that this system has the advantages of a low false positive rate, short running periods, and little impact on the performance of audited systems and good scalability. The security vulnerabilities, undetectable if assessed individually in a network, are discovered without the need to simulate attacks. It is shown that the NetScope system is well suited for vulnerability assessment of large-scale computer networks such as campus networks and enterprise networks. Moreover, it can also be easily integrated with other security tools based on relational databases.