Vulnerability Evaluating Based on Attack Graph

  • Conference paper
Trustworthy Computing and Services (ISCTCS 2012)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 320)

Abstract

Networked hosts face more and more threats due to software vulnerabilities, and the number of security vulnerabilities discovered in software increases every year. Patching all of them is impractical because of the high cost of the patching procedure. In this paper, we propose a scoring method based on the user environment. We analyze vulnerability impact from three aspects: confidentiality, integrity and availability. The score is customized to reflect the vulnerability's risk under particular security requirements by weighting the three aspects according to the host's function in an organization. We use an attack graph to analyze the relationships among the vulnerabilities in a host, and calculate over that context to obtain each vulnerability's threat. The experimental results indicate that our scoring method better reflects the real situation.

Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Wang, C., Bao, Y., Liang, X., Zhang, T. (2013). Vulnerability Evaluating Based on Attack Graph. In: Yuan, Y., Wu, X., Lu, Y. (eds) Trustworthy Computing and Services. ISCTCS 2012. Communications in Computer and Information Science, vol 320. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-35795-4_70

  • DOI: https://doi.org/10.1007/978-3-642-35795-4_70

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-35794-7

  • Online ISBN: 978-3-642-35795-4

  • eBook Packages: Computer Science (R0)