Firewalls and Internet security: repelling the wily hacker
Firewalls and Internet security: repelling the wily hacker
Bro: a system for detecting network intruders in real-time
Computer Networks: The International Journal of Computer and Telecommunications Networking
Scalable, graph-based network vulnerability analysis
Proceedings of the 9th ACM conference on Computer and communications security
Automated Generation and Analysis of Attack Graphs
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Snort - Lightweight Intrusion Detection for Networks
LISA '99 Proceedings of the 13th USENIX conference on System administration
Timing the Application of Security Patches for Optimal Uptime
LISA '02 Proceedings of the 16th USENIX conference on System administration
Policy-Controlled Event Management for Distributed Intrusion Detection
ICDCSW '05 Proceedings of the Fourth International Workshop on Distributed Event-Based Systems (DEBS) (ICDCSW'05) - Volume 04
Vulnerability analysis For evaluating quality of protection of security policies
Proceedings of the 2nd ACM workshop on Quality of protection
A scalable approach to attack graph generation
Proceedings of the 13th ACM conference on Computer and communications security
Practical Attack Graph Generation for Network Defense
ACSAC '06 Proceedings of the 22nd Annual Computer Security Applications Conference
MulVAL: a logic-based network security analyzer
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
The dark oracle: perspective-aware unused and unreachable address discovery
NSDI'06 Proceedings of the 3rd conference on Networked Systems Design & Implementation - Volume 3
Leveraging User Interactions for In-Depth Testing of Web Applications
RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
Identifying Critical Attack Assets in Dependency Attack Graphs
ESORICS '08 Proceedings of the 13th European Symposium on Research in Computer Security: Computer Security
Principles for developing comprehensive network visibility
HOTSEC'08 Proceedings of the 3rd conference on Hot topics in security
CloudAV: N-version antivirus in the network cloud
SS'08 Proceedings of the 17th conference on Security symposium
A reactive measurement framework
PAM'08 Proceedings of the 9th international conference on Passive and active network measurement
State of the Art: Automated Black-Box Web Application Vulnerability Testing
SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy
HotOS'09 Proceedings of the 12th conference on Hot topics in operating systems
RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection
WIND: workload-aware INtrusion detection
RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection
Effective network vulnerability assessment through model abstraction
DIMVA'11 Proceedings of the 8th international conference on Detection of intrusions and malware, and vulnerability assessment
| Hi-index | 0.00 |
Enterprise networks face a variety of threats including worms, viruses, and DDoS attacks. Development of effective defenses against these threats requires accurate inventories of network devices and the services they are running. Traditional vulnerability scanning systems meet these requirements by periodically probing target networks to discover hosts and the services they are running. This polling-based model of vulnerability scanning suffers from two problems that limit its effectiveness--wasted network resources and detection latency that leads to stale data. We argue that these limitations stem primarily from the use of time as the scanning decision variable. To mitigate these problems, we instead advocate for an event-driven approach that decides when to scan based on changes in the network context--an instantaneous view of the host and network state. In this paper, we propose an architecture for building network context for enterprise security applications by using existing passive data sources and common network formats. Using this architecture, we built CANVuS, a context-aware network vulnerability scanning system that triggers scanning operations based on changes indicated by network activities. Experimental results show that this approach outperforms the existing models in timeliness and consumes much fewer network resources.