Abstract
Zero-day vulnerability has been considered one of the most serious threats to network security at present. Current researches on zero-day vulnerability risk assessment are mainly focused on the number of necessary zero-day vulnerabilities for attack to exploit to reach the target. However, in practice, it is difficult to realize risk assessment of single zero-day vulnerability by existing methods. In this paper, a zero-day vulnerability and attack path risk assessment method is proposed for internal network. Four kinds of security metrics and a zero-day vulnerability discovery and zero-day attack graph generation algorithm are designed. By contrasting the preconditions with postconditions of known vulnerabilities, attack complexity and impact of zero-day vulnerabilities in various contexts are analyzed. Experimental results show that the proposed method can quantitatively assess risk of single zero-day vulnerability and attack path from multiple dimensionalities.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Wang, L., Jajodla, S., Singhal, A., et al.: k-zero day safety: measuring the security risk of networks against unknown attacks. Lect. Notes Comput. Sci. 11(1), 573–587 (2010)
Wang, L., Jajodla, S., Singhal, A., et al.: K-zero day safety: a network security metric for measuring the risk of unknown vulnerabilities. IEEE Trans. Depend. Secur. Comput. 11(1), 30–44 (2014)
Wang, L., Zhang, M., Jajodia, S., Singhal, A., Albanese, M.: Modeling network diversity for evaluating the robustness of networks against zero-day attacks. In: Kutyłowski, M., Vaidya, J. (eds.) ESORICS 2014. LNCS, vol. 8713, pp. 494–511. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-11212-1_28
Zhang, M., Wang, L., Jajodia, S., et al.: Network diversity: a security metric for evaluating the resilience of networks against zero-day attacks. IEEE Trans. Inf. Forensics Secur. 11(5), 1071–1086 (2016)
Albanese, M., Jajodia, S., et al.: An efficient approach to assessing the risk of zero-day vulnerabilities. In: International Conference on Security and Cryptography, pp. 1–12. IEEE, Iceland (2013)
Yang, Y., et al.: An augmented 0-day attack graph generation method. DEStech Trans. Comput. Sci. Eng. (aice-ncs) (2016)
Dai, J., Sun, X., Liu, P.: Patrol: revealing zero-day attack paths through network-wide system object dependencies. In: Crampton, J., Jajodia, S., Mayes, K. (eds.) ESORICS 2013. LNCS, vol. 8134, pp. 536–555. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40203-6_30
Sun, X., Dai, J., Liu, P., Singhal, A., Yen, J.: Towards probabilistic identification of zero-day attack paths. In: Communications and Network Security, pp. 64–72. IEEE (2016)
Sun, X., Dai, J., Liu, P., Singhal, A.: Using Bayesian networks for probabilistic identification of zero-day attack paths. IEEE Trans. Inf. Forensics Secur. 13(10), 2506–2521 (2018)
Joshi, C., et al.: An enhanced framework for identification and risks assessment of zero-day vulnerabilities. Int. J. Appl. Eng. Res. 13(12), 10861–10870 (2018)
Ye, Z., Guo, Y., et al.: Survey on application of attack graph technology. J. Commun. 38(11), 121–132 (2017)
National Vulnerability Database. https://web.nvd.nist.gov. Accessed 10 Nov 2018
Chen, L., Yang, C., Liu, F., Gong, D., Ding, S.: Automatic mining of security-sensitive functions from source code. CMC: Comput. Mater. Continua 56(2), 199–210 (2018)
Hong, J., Kim, D., Chung, C.: A survey on the usability and practical applications of graphical security models. Comput. Sci. Rev. 26, 1–16 (2017)
Zhang, H., Yi, Y., Wang, J., et al.: Network security situation awareness framework based on threat intelligence. CMC: Comput. Mater. Continua 56(3), 381–399 (2018)
Wang, L., Sushil, J., Anoop, S.: Network Security Metric. Springer, Switzerland (2017)
Common vulnerability scoring system. http://www.First.org/cvss. Accessed 10 Nov 2018
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Ye, Z., Guo, Y., Ju, A. (2019). Zero-Day Vulnerability Risk Assessment and Attack Path Analysis Using Security Metric. In: Sun, X., Pan, Z., Bertino, E. (eds) Artificial Intelligence and Security. ICAIS 2019. Lecture Notes in Computer Science(), vol 11635. Springer, Cham. https://doi.org/10.1007/978-3-030-24268-8_25
Download citation
DOI: https://doi.org/10.1007/978-3-030-24268-8_25
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-24267-1
Online ISBN: 978-3-030-24268-8
eBook Packages: Computer ScienceComputer Science (R0)