A hybrid ranking approach to estimate vulnerability for dynamic attacks

Authors:
Feng Zhao;Heqing Huang;Hai Jin;Qin Zhang
Affiliations:
School of Computer Science and Technology, Huazhong University of Science and Technology, Wuhan 430074, China and Services Computing Technology and System Lab, Wuhan 430074, China and Cluster and ...;School of Computer Science and Technology, Huazhong University of Science and Technology, Wuhan 430074, China;School of Computer Science and Technology, Huazhong University of Science and Technology, Wuhan 430074, China and Services Computing Technology and System Lab, Wuhan 430074, China and Cluster and ...;School of Computer Science and Technology, Huazhong University of Science and Technology, Wuhan 430074, China and Services Computing Technology and System Lab, Wuhan 430074, China and Cluster and ...
Venue:
Computers & Mathematics with Applications
Year:
2011

Citing 8
Cited 0

Scalable, graph-based network vulnerability analysis

Proceedings of the 9th ACM conference on Computer and communications security
Two Formal Analys s of Attack Graphs

CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
A Systematic Approach to Multi-Stage Network Attack Analysis

IWIA '04 Proceedings of the Second IEEE International Information Assurance Workshop (IWIA'04)
A method for modeling and quantifying the security attributes of intrusion tolerant systems

Performance Evaluation - Dependable systems and networks-performance and dependability symposium (DSN-PDS) 2002: Selected papers
Incentive-based modeling and inference of attacker intent, objectives, and strategies

ACM Transactions on Information and System Security (TISSEC)
Practical Attack Graph Generation for Network Defense

ACSAC '06 Proceedings of the 22nd Annual Computer Security Applications Conference
A New Distributed IDS Based on CVSS Framework

SITIS '08 Proceedings of the 2008 IEEE International Conference on Signal Image Technology and Internet Based Systems
A comparative analysis of network dependability, fault-tolerance, reliability, security, and survivability

IEEE Communications Surveys & Tutorials

Quantified Score

Hi-index	0.09

Visualization

Abstract

To enhance security in dynamic networks, it is important to evaluate the vulnerabilities and offer economic and practical patching strategy since vulnerability is the major driving force for attacks. In this paper, a hybrid ranking approach is presented to estimate vulnerabilities under the dynamic scenarios, which is a combination of low-level rating for vulnerability instances and high-level evaluation for the security level of the network system. Moreover, a novel quantitative model, an adapted attack graph, is also proposed to escaping isolated scoring, which takes the dynamic and logic relations among exploits into account, and significantly benefits to vulnerability analysis. To validate applicability and performance of our approach, a hybrid ranking case is implemented as experimental platform. The ranking results show that our approach differentiates the influential levels among vulnerabilities under dynamic attacking scenarios and economically enhances the security of network system.