Abstract

Due to the increasing number of network security vulnerabilities, vulnerability risk assessment must be performed to prioritize the repair of high-risk vulnerabilities. Traditional vulnerability risk assessment is based primarily on the Common Vulnerability Scoring System (CVSS) and attack graphs. However, the CVSS metrics ignore the impact of a vulnerability on the specific network, so an identical vulnerability that exists in different network environments is assigned the same value. Additionally, attack graphs still suffer from scalability and readability issues. To solve these problems, a ranking method based on the heterogeneous information network is proposed to assess vulnerability risk in a specific network. It considers the exploitability of a vulnerability, the impact of the vulnerability on the network components, and the importance of the vulnerable components. First, a heterogeneous information network containing vulnerabilities and hosts and the host-to-host relationships is constructed to compute the risk score for each vulnerability and implement the ranking process. Second, a model extension method is proposed to adapt to situations in which additional factors related to vulnerability risk assessment need to be considered. Finally, we explore two case studies to compare the proposed method with CVSS and attack graph-based methods. The simulation results show that the proposed method can accurately assess the risk of vulnerabilities in a specific network environment and that it has a lower computational complexity than other methods.

Highlights

  • With the rapid development of computer networks, the scale of networks is increasing, and a variety of network attacks and vulnerabilities have become increasingly common

  • Given the problems mentioned above, this paper proposes a ranking method based on the Heterogeneous Information Network (HIN) [9] for vulnerability risk assessment

  • Compared with the Common Vulnerability Scoring System (CVSS) metrics approach, the vulnerability risk assessment method proposed in this paper provides a more reasonable and accurate vulnerability risk value and can clearly distinguish among vulnerability risk values to provide a high-quality vulnerability repair strategy

Summary

INTRODUCTION

With the rapid development of computer networks, the scale of networks is increasing, and a variety of network attacks and vulnerabilities have become increasingly common. Given the problems mentioned above, this paper proposes a ranking method based on the Heterogeneous Information Network (HIN) [9] for vulnerability risk assessment. To perform network security risk analysis, reference [23] combined CVSS metrics with an attack graph to provide precise assessments of the risk of a vulnerability.

VULNERABILITY RISK ASSESSMENT MODEL

We first briefly review the heterogeneous information network and construct the Device-Vulnerability bi-type graph.

B. VULNERABILITY RISK ASSESSMENT BASED ON THE HETEROGENEOUS INFORMATION NETWORK

In a specific network environment, the risk score of a vulnerability is related to its own attributes, such as exploitability and component impact, and to the network environment in which the vulnerability is located. When the difference between two iterations is less than 10^-7, we consider the result convergent.
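The summary above gives no update formulas, so the following added example is not the paper's algorithm: it is a simplified stand-in that scores host importance with a personalized PageRank over host-to-host links, iterated until the change between two iterations is below 10^-7, and multiplies it by each vulnerability's exploitability and impact. Host names, asset weights, links, the damping factor and all vulnerability values are constructed assumptions.

```python
# Added illustration: simplified host/vulnerability ranking (assumed update
# rule, not the paper's formulas). All data below is constructed.

HOSTS = {"web": 0.3, "db": 0.6, "ws": 0.1}          # assumed asset weights
LINKS = {"web": ["db"], "ws": ["web"], "db": []}    # host -> hosts it can reach
# (vuln id, host, exploitability, impact), both attributes scaled to [0, 1]
VULNS = [("V1", "db", 0.5, 0.8), ("V1", "ws", 0.5, 0.8), ("V2", "web", 0.9, 0.4)]

def host_importance(hosts, links, damping=0.85, tol=1e-7, max_iter=1000):
    """Personalized PageRank: importance flows along links toward reachable hosts."""
    total = sum(hosts.values())
    prior = {h: w / total for h, w in hosts.items()}
    rank = dict(prior)
    for _ in range(max_iter):
        new = {h: (1 - damping) * prior[h] for h in hosts}
        for src, targets in links.items():
            if targets:
                share = damping * rank[src] / len(targets)
                for dst in targets:
                    new[dst] += share
            else:  # host with no outgoing links: return its mass to the prior
                for h in hosts:
                    new[h] += damping * rank[src] * prior[h]
        diff = sum(abs(new[h] - rank[h]) for h in hosts)
        rank = new
        if diff < tol:  # convergence test on the difference between two iterations
            break
    return rank

def rank_vulnerabilities(hosts, links, vulns):
    """Risk = exploitability * impact * importance of the host carrying the flaw."""
    importance = host_importance(hosts, links)
    scored = [(vid, host, expl * impact * importance[host])
              for vid, host, expl, impact in vulns]
    return sorted(scored, key=lambda s: s[2], reverse=True)

if __name__ == "__main__":
    for vid, host, risk in rank_vulnerabilities(HOSTS, LINKS, VULNS):
        print(f"{vid} on {host}: {risk:.4f}")
```

The same vulnerability V1 receives different risk values on the database server and the workstation, which is the environment dependence that a fixed CVSS value cannot express.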

MODEL EXTENSION
EXPERIMENT
Findings
CONCLUSION
