Abstract
Due to the increasing number of network security vulnerabilities, vulnerability risk assessment must be performed to prioritize the repair of high-risk vulnerabilities. Traditional vulnerability risk assessment is based primarily on the Common Vulnerability Scoring Systems (CVSS) and attack graphs. Nevertheless, the CVSS metrics ignore the impact of the vulnerability on the specific network, which accounts that the identical vulnerability exists in different network environments is assigned repeated values. Additionally, the attack graphs still suffer from scalability and readability issues. To solve the above problems, a ranking method based on the heterogeneous information network is innovatively proposed to assess the vulnerability risk in a specific network. It considers the exploitability of a vulnerability, the impact of a vulnerability on the network components, and the importance of the vulnerable components. First, a heterogeneous information network containing vulnerability and host and the relationships between host and host is constructed to compute the risk score for each vulnerability and implement the ranking process. Second, a model extension method is proposed to adapt to situations in which additional factors related to vulnerability risk assessment need to be considered. Finally, we explore two case studies to compare the proposed method with CVSS and attack graph-based methods. The simulation results show that the proposed method can accurately assess the risk of vulnerabilities in a specific network environment and that it has a lower computational complexity than other methods.
Highlights
With the rapid development of computer networks, the scale of networks is increasing, and a variety of network attacks and vulnerabilities have become increasingly common
Given the problems mentioned above, this paper proposes a ranking method based on the Heterogeneous Information Network (HIN) [9] for vulnerability risk assessment
Compared with the Common Vulnerability Scoring Systems (CVSS) metrics approach, the vulnerability risk assessment method proposed in this paper provides a more reasonable and accurate vulnerability risk value and can clearly distinguish among vulnerability risk values to provide a high-quality vulnerability repair strategy
Summary
With the rapid development of computer networks, the scale of networks is increasing, and a variety of network attacks and vulnerabilities have become increasingly common. Given the problems mentioned above, this paper proposes a ranking method based on the Heterogeneous Information Network (HIN) [9] for vulnerability risk assessment. To perform network security risk analysis, reference [23] combined CVSS metrics with an attack graph to provide precise assessments of the risk of a vulnerability. VULNERABILITY RISK ASSESSMENT MODEL we first briefly review the heterogeneous information network and construct the Device-Vulnerability bi-type graph. B. VULNERABILITY RISK ASSESSMENT BASED ON THE HETEROGENEOUS INFORMATION NETWORK In a specific network environment, the risk score of a vulnerability is related to its own attributes, such as exploitability and component impact, and to the network environment in which the vulnerability is located. When the difference between two iterations is less than 10−7, we consider the result convergent
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
