Research Article
A Scalable, Vulnerability Modeling and Correlating Method for Network Security
@INPROCEEDINGS{10.1007/978-3-642-10485-5_16, author={Xuejiao Liu and Debao Xiao and Nian Ma and Jie Yu}, title={A Scalable, Vulnerability Modeling and Correlating Method for Network Security}, proceedings={Scalable Information Systems. 4th International ICST Conference, INFOSCALE 2009, Hong Kong, June 10-11, 2009, Revised Selected Papers}, proceedings_a={INFOSCALE}, year={2012}, month={5}, keywords={Network security scalable modeling vulnerability correlation}, doi={10.1007/978-3-642-10485-5_16} }- Xuejiao Liu
Debao Xiao
Nian Ma
Jie Yu
Year: 2012
A Scalable, Vulnerability Modeling and Correlating Method for Network Security
INFOSCALE
Springer
DOI: 10.1007/978-3-642-10485-5_16
Abstract
Nowadays attacks are becoming increasingly frequent and sophisticated, and they are also becoming increasingly interconnected. Recent works in network security have demostrated the fact that combinations of vulnerability exploits are the typical means by which an attacker can break into a network. It is therefore in great need of performing vulnerability analysis to do security analysis first and take the initiative to find hidden safety problems, then plan effective security measures. In this paper, we propose an analysis model, which derives vulnerability analysis functionality from the interaction of three distinct processes: scanning, modeling and correlating. Scanning is served as a significant issue for identifying vulnerabilities. Modeling provides a concise representation for expressing fact base such as host configuration, vulnerability information, and network topology. Moreover, correlating is used to provide a perspective into correlating isolated vulnerabilities in order to construct layered attack graph. Transition rule is presented in scalable design, which enables highly efficient methods of vulnerability correlation algorithm. Finally, a real case study has been described to demonstrate the capability of our model.