CANVuS: context-aware network vulnerability scanning

Authors: Yunjing Xu, Michael Bailey, Eric Vander Weele, Farnam Jahanian

DOI: 10.1007/978-3-642-15512-3_8

Abstract: Enterprise networks face a variety of threats including worms, viruses, and DDoS attacks. Developing effective defenses against these requires accurate inventories of network devices and the services they are running. Traditional vulnerability scanning systems meet these requirements by periodically probing targets to discover hosts. This polling-based model suffers from two problems that limit its effectiveness: wasted resources, and detection latency that leads to stale data. We argue that these limitations stem primarily from the use of time as the decision variable. To mitigate these problems, we instead advocate for an event-driven approach that decides when to scan based on changes in context, an instantaneous view of host state. In this paper, we propose an architecture for building context for enterprise security applications using existing passive data sources and common formats. Using this architecture, we built CANVuS, a context-aware system that triggers operations as indicated by activities. Experimental results show that it outperforms the polling-based models in timeliness and consumes much fewer resources.
