Scalable Information Systems. 4th International ICST Conference, INFOSCALE 2009, Hong Kong, June 10-11, 2009, Revised Selected Papers

Research Article

A Scalable, Vulnerability Modeling and Correlating Method for Network Security

Download86 downloads
  • @INPROCEEDINGS{10.1007/978-3-642-10485-5_16,
        author={Xuejiao Liu and Debao Xiao and Nian Ma and Jie Yu},
        title={A Scalable, Vulnerability Modeling and Correlating Method for Network Security},
        proceedings={Scalable Information Systems. 4th International ICST Conference, INFOSCALE 2009, Hong Kong, June 10-11, 2009, Revised Selected Papers},
        proceedings_a={INFOSCALE},
        year={2012},
        month={5},
        keywords={Network security scalable modeling vulnerability correlation},
        doi={10.1007/978-3-642-10485-5_16}
    }
    
  • Xuejiao Liu
    Debao Xiao
    Nian Ma
    Jie Yu
    Year: 2012
    A Scalable, Vulnerability Modeling and Correlating Method for Network Security
    INFOSCALE
    Springer
    DOI: 10.1007/978-3-642-10485-5_16
Xuejiao Liu1,*, Debao Xiao1, Nian Ma1, Jie Yu2
  • 1: HuaZhong Normal University
  • 2: National University of Defense Technology
*Contact email: liuxuejiao@gmail.com

Abstract

Nowadays attacks are becoming increasingly frequent and sophisticated, and they are also becoming increasingly interconnected. Recent works in network security have demostrated the fact that combinations of vulnerability exploits are the typical means by which an attacker can break into a network. It is therefore in great need of performing vulnerability analysis to do security analysis first and take the initiative to find hidden safety problems, then plan effective security measures. In this paper, we propose an analysis model, which derives vulnerability analysis functionality from the interaction of three distinct processes: scanning, modeling and correlating. Scanning is served as a significant issue for identifying vulnerabilities. Modeling provides a concise representation for expressing fact base such as host configuration, vulnerability information, and network topology. Moreover, correlating is used to provide a perspective into correlating isolated vulnerabilities in order to construct layered attack graph. Transition rule is presented in scalable design, which enables highly efficient methods of vulnerability correlation algorithm. Finally, a real case study has been described to demonstrate the capability of our model.