A Proximity-Based Measure for Quantifying the Risk of Vulnerabilities
作者: Ghanshyam S. Bopche , Gopal N. Rai , D. R. Denslin Brabin , B. M. Mehtre
DOI: 10.1007/978-981-15-4825-3_4
关键词:
摘要: Identification and remediation of the system vulnerabilities that pose highest risk are crucial for maintaining security posture computer networks. In literature a large number metrics available vulnerability assessment. However, they fail to consider critical network conditions affect success an adversary. Consequently, evaluation based on current is misleading, hence, derived plan often results in ineffective application countermeasures. To overcome this problem, we have proposed comprehensive, integrated metric called Improved Relative Cumulative Risk (IRCR). For given vulnerability, IRCR takes into account CVSS Base Score, proximity from attacker’s initial position, neighboring vulnerabilities. The tested synthetic network, experimental show can be used effectively assessing each exploitable Based recommendations, administrator accurately determine top prioritize activities accordingly. validate efficacy applicability method, compared with state-of-the-art attack graph-based such as cumulative probability, resistance. Experimental demonstrate complementary measuring influential levels
springer.com
sci-hub.st 参考文章(25)
Hannes Holm, Khalid Khan Afridi, An expert-based investigation of the Common Vulnerability Scoring System Computers & Security. ,vol. 53, pp. 18- 30 ,(2015) , 10.1016/J.COSE.2015.04.012
Lingyu Wang, Sushil Jajodia, Anoop Singhal, Steven Noel, k-zero day safety: measuring the security risk of networks against unknown attacks european symposium on research in computer security. ,vol. 6345, pp. 573- 587 ,(2010) , 10.1007/978-3-642-15497-3_35
Lingyu Wang, Tania Islam, Tao Long, Anoop Singhal, Sushil Jajodia, An Attack Graph-Based Probabilistic Security Metric Proceeedings of the 22nd annual IFIP WG 11.3 working conference on Data and Applications Security. ,vol. 5094, pp. 283- 296 ,(2008) , 10.1007/978-3-540-70567-3_22
Candace Suh-Lee, Juyeon Jo, Quantifying security risk by measuring network risk conditions annual acis international conference on computer and information science. pp. 9- 14 ,(2015) , 10.1109/ICIS.2015.7166562
Ghanshyam S. Bopche, Babu M. Mehtre, Exploiting curse of diversity for improved network security advances in computing and communications. pp. 1975- 1981 ,(2015) , 10.1109/ICACCI.2015.7275907
Nirnay Ghosh, S. K. Ghosh, A planner-based approach to generate and analyze minimal attack graph Applied Intelligence. ,vol. 36, pp. 369- 390 ,(2012) , 10.1007/S10489-010-0266-8
Lingyu Wang, Sushil Jajodia, Anoop Singhal, Pengsu Cheng, Steven Noel, k-Zero Day Safety: A Network Security Metric for Measuring the Risk of Unknown Vulnerabilities IEEE Transactions on Dependable and Secure Computing. ,vol. 11, pp. 30- 44 ,(2014) , 10.1109/TDSC.2013.24
Paul Ammann, Duminda Wijesekera, Saket Kaushik, Scalable, graph-based network vulnerability analysis Proceedings of the 9th ACM conference on Computer and communications security - CCS '02. pp. 217- 224 ,(2002) , 10.1145/586110.586140
Feng Zhao, Heqing Huang, Hai Jin, Qin Zhang, A hybrid ranking approach to estimate vulnerability for dynamic attacks Computers & Mathematics With Applications. ,vol. 62, pp. 4308- 4321 ,(2011) , 10.1016/J.CAMWA.2011.09.031
Peter Mell, Karen Scarfone, Sasha Romanosky, Common Vulnerability Scoring System ieee symposium on security and privacy. ,vol. 4, pp. 85- 89 ,(2006) , 10.1109/MSP.2006.145