Abstract

With all the news on cyber attacks and computer security in the last few years, it does not take much time to realize that some action must be taken to protect our organization before it hits close to our home. In fact, security has gone from backroom to the boardroom in a lightning speed. Network security depends on most of network configuration and vulnerabilities. Each machines overall susceptibility to attack depends upon the vulnerabilities of another machine. An attacker tries to exploit the least secure system by small attacks iteratively, where each exploit in the network provide the platform for subsequent exploit. Such a series is known as attack path and the set of all possible paths will form an attack graph. By their highly interdependencies, it is much complex to draw traditional vulnerability analysis. Several works have been done to construct an attack graphs. The goal of this paper is to provide a framework, architecture, and an intelligent approach to vulnerability analysis by utilizing the concept of automated scanning tools. By the changing environment, conducting a periodic in-house vulnerability assessment is very much essential.

References

• Nessus Open source vulnerability scanner project. http://en.wikipedia.org/wiki/Nessus_(software), 10-07-2016.
• Retina Security Scanner. https://www.beyondtrust.com/products/retina-network-security-scanner, 06-07-2016.
• L. Williams, R. Lippmann, K. Imgols, “An Interactive Attack Graph Cascade and Reachability Display,“ VIZSEC 2007.
• http://www.cert.org/vulnerability-analysis/knowledgebase/index.cfm, 15-07-2016.
• Common Vulnerabilities and Exposures (CVE), https://cve.mitre.org, 15-07-2016.
• Open Source Vulnerability Database(OSVD), http://osvdb.org
• L. Wang, S. Jajodia, A. Singhal, P. Cheng, and S. Noel, “K-zero day safety: a network security metric for mearsuring the risk of unknown vulnerabilities,” IEEE Transaction on Dependable and Secure Computing, vol. 11, no. 1, pp. 33-44, 2014.
• Tito Waluyo Purboyo, Kuspriyanto, “A Framework for Analysis A Network Vulnerability,” IJETTCS, vol. 2, pp. 405-409, August 2013.
• C. Phillips and L. Swiler, “A graph-based system for network vulnerability analysis,” In Proceedings of the New Security Paradigms Workshop, pp. 71–79, Charlottesville, VA, 1998.
• S. Templeton and K. Levitt, “A requires/provides model for computer attacks,” In Procesdings of the New Security Paradigms Workshop, cork, Ireland, September 2000.
• J. Dawkins, C. Campbell, and J. Hale, “Modeling network attacks: Extending the attack tree paradigm,” In workshop on Statistical and Machine Learning Techniques in Computer Intrusion Detection, Johns Hopkins University, June 2002.
• L. Swiler, C. Phillips, D. Ellis, and S. Chakerian, “Computer-attack graph generation tool, ”In Proceedings DISCEX ’01: DARPA Information Survivability Conference & Exposition II, pp 307–321, June 2001.
• R. W. Ritchey and P. Ammann, “Using model checking to analyze network vulnerabilities,” In Proceeding of the 2000 IEEE Symposium on Security and Privacy (Oakland 2000), pp 156-165, Oakland, CA, May 2000.
• O. Sheyner, J. Haines, S. Jha, R. Lippmann, J. Wing, “Automated Generation and Analysis of Attack Graphs,” in Proceedings of IEEE Symposium on Security and Privacy, Oakland, California, May 2002.
• P. Ammann, D. Wijesekera, S. Kaushik, “Scalable, Graph-Based Network Vulnerabity Analysis,” in Proceedings of CCS 2002: 9th ACM Conference on Computer and Communications Security, Washington, DC, November 2002.
• S. Noel, M. Elder, S. Jajodia, P. Kalapa, S. O’Hare, K. Prole, “Advances in Topological Vulnerability Analysis,” IEEE CATCH 2009.
• X. Ou, S. Govindavajhala, A.W. Appel, “ MulVAL: A Logic-based Network Security Analyzer,” In SSYM’05: Proceedings of the 14th conference on USENIX Security Symposium, pp 8-8, Berkeley, CA, USA, 2005.
• S. Jajodia, S. Noel, “Topological Vulnerability Analysis : A Powerful New Approach for Network Attack Prevention, Detection, and Response,” Indian Statistical Institute Monograph Series, World Scientific Press, 2008.
• D. Saha, “Extending Logical Attack Graphs for Efficient Vulnerability Analysis,” in Proceedings of CCS’08: 15th ACM conference on Computer and Communications Security, Alexandria, Virginia, USA, October 27-31, 2008.
• J. Hong and D.S. Kim, “HARMs: Hierarchical Attack Representaion Models for Network Security Analysis,” SRI Security Research Institute, Edith Cowan University, Perth, Australia, 2012.
• N. C. Idika, “Characterizing and aggregating attack graph-based secuurity metric [Ph.D. thesis],” Center for Education and Research, Information Assurance and Security, Purdue University, 2010.