Skip to main content
SpringerLink
Log in

Zero-Day Vulnerability Risk Assessment and Attack Path Analysis Using Security Metric

  • Conference paper
  • First Online:
Book cover Artificial Intelligence and Security (ICAIS 2019)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 11635))

Included in the following conference series:

Abstract

Zero-day vulnerability has been considered one of the most serious threats to network security at present. Current researches on zero-day vulnerability risk assessment are mainly focused on the number of necessary zero-day vulnerabilities for attack to exploit to reach the target. However, in practice, it is difficult to realize risk assessment of single zero-day vulnerability by existing methods. In this paper, a zero-day vulnerability and attack path risk assessment method is proposed for internal network. Four kinds of security metrics and a zero-day vulnerability discovery and zero-day attack graph generation algorithm are designed. By contrasting the preconditions with postconditions of known vulnerabilities, attack complexity and impact of zero-day vulnerabilities in various contexts are analyzed. Experimental results show that the proposed method can quantitatively assess risk of single zero-day vulnerability and attack path from multiple dimensionalities.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Wang, L., Jajodla, S., Singhal, A., et al.: k-zero day safety: measuring the security risk of networks against unknown attacks. Lect. Notes Comput. Sci. 11(1), 573–587 (2010)

    Article  Google Scholar 

  2. Wang, L., Jajodla, S., Singhal, A., et al.: K-zero day safety: a network security metric for measuring the risk of unknown vulnerabilities. IEEE Trans. Depend. Secur. Comput. 11(1), 30–44 (2014)

    Article  Google Scholar 

  3. Wang, L., Zhang, M., Jajodia, S., Singhal, A., Albanese, M.: Modeling network diversity for evaluating the robustness of networks against zero-day attacks. In: Kutyłowski, M., Vaidya, J. (eds.) ESORICS 2014. LNCS, vol. 8713, pp. 494–511. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-11212-1_28

    Chapter  Google Scholar 

  4. Zhang, M., Wang, L., Jajodia, S., et al.: Network diversity: a security metric for evaluating the resilience of networks against zero-day attacks. IEEE Trans. Inf. Forensics Secur. 11(5), 1071–1086 (2016)

    Article  Google Scholar 

  5. Albanese, M., Jajodia, S., et al.: An efficient approach to assessing the risk of zero-day vulnerabilities. In: International Conference on Security and Cryptography, pp. 1–12. IEEE, Iceland (2013)

    Google Scholar 

  6. Yang, Y., et al.: An augmented 0-day attack graph generation method. DEStech Trans. Comput. Sci. Eng. (aice-ncs) (2016)

    Google Scholar 

  7. Dai, J., Sun, X., Liu, P.: Patrol: revealing zero-day attack paths through network-wide system object dependencies. In: Crampton, J., Jajodia, S., Mayes, K. (eds.) ESORICS 2013. LNCS, vol. 8134, pp. 536–555. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40203-6_30

    Chapter  Google Scholar 

  8. Sun, X., Dai, J., Liu, P., Singhal, A., Yen, J.: Towards probabilistic identification of zero-day attack paths. In: Communications and Network Security, pp. 64–72. IEEE (2016)

    Google Scholar 

  9. Sun, X., Dai, J., Liu, P., Singhal, A.: Using Bayesian networks for probabilistic identification of zero-day attack paths. IEEE Trans. Inf. Forensics Secur. 13(10), 2506–2521 (2018)

    Article  Google Scholar 

  10. Joshi, C., et al.: An enhanced framework for identification and risks assessment of zero-day vulnerabilities. Int. J. Appl. Eng. Res. 13(12), 10861–10870 (2018)

    Google Scholar 

  11. Ye, Z., Guo, Y., et al.: Survey on application of attack graph technology. J. Commun. 38(11), 121–132 (2017)

    Google Scholar 

  12. National Vulnerability Database. https://web.nvd.nist.gov. Accessed 10 Nov 2018

  13. Chen, L., Yang, C., Liu, F., Gong, D., Ding, S.: Automatic mining of security-sensitive functions from source code. CMC: Comput. Mater. Continua 56(2), 199–210 (2018)

    Google Scholar 

  14. Hong, J., Kim, D., Chung, C.: A survey on the usability and practical applications of graphical security models. Comput. Sci. Rev. 26, 1–16 (2017)

    Article  MathSciNet  Google Scholar 

  15. Zhang, H., Yi, Y., Wang, J., et al.: Network security situation awareness framework based on threat intelligence. CMC: Comput. Mater. Continua 56(3), 381–399 (2018)

    Google Scholar 

  16. Wang, L., Sushil, J., Anoop, S.: Network Security Metric. Springer, Switzerland (2017)

    Book  Google Scholar 

  17. Common vulnerability scoring system. http://www.First.org/cvss. Accessed 10 Nov 2018

Download references

Author information

Authors and Affiliations

  1. Zhengzhou Information Science and Technology Institute, Zhengzhou, 450001, China

    Ziwei Ye, Yuanbo Guo & Ankang Ju

Authors
  1. Ziwei Ye
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Yuanbo Guo
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Ankang Ju
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Ziwei Ye .

Editor information

Editors and Affiliations

  1. Nanjing University of Information Science and Technology, Nanjing, China

    Xingming Sun

  2. Nanjing University of Information Science and Technology, Nanjing, China

    Zhaoqing Pan

  3. Purdue University, West Lafayette, IN, USA

    Elisa Bertino

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Ye, Z., Guo, Y., Ju, A. (2019). Zero-Day Vulnerability Risk Assessment and Attack Path Analysis Using Security Metric. In: Sun, X., Pan, Z., Bertino, E. (eds) Artificial Intelligence and Security. ICAIS 2019. Lecture Notes in Computer Science(), vol 11635. Springer, Cham. https://doi.org/10.1007/978-3-030-24268-8_25

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-24268-8_25

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-24267-1

  • Online ISBN: 978-3-030-24268-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation