Network-vulnerability evaluation method based on network centrality

doi:10.7523/j.issn.2095-6134.2012.4.015

›› 2012, Vol. 29 ›› Issue (4): 529-535.DOI: 10.7523/j.issn.2095-6134.2012.4.015

Previous Articles Next Articles

Network-vulnerability evaluation method based on network centrality

JIA Wei^1,2,3, FENG Deng-Guo², LIAN Yi-Feng^2,3

1. Department of Electronic Engineering and Information Science, University of Science and Technology of China, Hefei 230026, China;
2. State Key Laboratory of Information Security, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China;
3. National Engineering Research Center for Information Security, Beijing 100080, China

Received:2011-04-15 Revised:2011-06-07 Online:2012-07-15

Abstract

Abstract: We propose a method based on network centrality to evaluate the vulnerabilities of computer networks. We evaluate the attack costs based on CVSS and analyze the minimum attack cost routes by using the quantitative results. Then, we present a new network centrality method which combines betweenness with degree-theory to analyze the importance of the nodes in attack graph. The method helps us to find the key vulnerabilities which have great effect on network security and to enhance the network security.

Key words: vulnerability, vulnerabilities attack graph, network centrality, betweenness, attack cost

CLC Number:

TP393

JIA Wei, FENG Deng-Guo, LIAN Yi-Feng. Network-vulnerability evaluation method based on network centrality[J]. , 2012, 29(4): 529-535.

References

[1] Frigault M, Wang L Y, Singhal A, et al. Measuring network security using dynamic Bayesian network //Conference on Computer and Communications Security Proceedings of the 4th ACM Workshop on Quality of Protection. New York, USA:ACM, 2008:23-30.
[2] Feng P H, Lian Y F, Dai Y X, et al. A vulnerability model of distributed systems based on reliability theory[J]. Journal of Software, 2006,17(7):1633-1640(in Chinese). 冯萍慧,连一峰,戴英侠,等. 基于可靠性理论的分布式系统脆弱性模型[J]. 软件学报, 2006,17(7):1633-1640.
[3] Zhang H X, Su P R, Feng D G. A network security analysis model based on the increase in attack ability[J]. Journal of Computer Research and Development, 2007,44(12):2012-2019(in Chinese). 张海霞,苏璞睿,冯登国. 基于攻击能力增长的网络安全分析模型[J]. 计算机研究与发展, 2007,44(12):2012-2019.
[4] Jiang W, Fang B X, Tian Z H, et al. Evaluating network security and optimal active defense based on attack-defense game model[J]. Chinese Journal of Computers, 2009, 32(4):817-825(in Chinese). 姜伟,方滨兴,田志宏,等. 基于攻防博弈模型的网络安全测评和最优主动防御[J]. 计算机学报, 2009, 32(4): 817-825.
[5] Sawilla R, Ou X M. Googling attack graphs . Defence R & D,Canada,Ottawa, Tech. Rep: TM 2007-205, 2007.
[6] FIRST. A complete guide to the common vulnerability scoring system version 2.0 . .http://www.first.org/cvss/cvss-guide.html.
[7] Barthelemy M. Betweenness centrality in large complex networks[J].Eurpean Physical Journal B,2004,38(2):163-168.
[8] Steven N, Sushil J D, Brian O B, et al. Efficient minimum-cost network hardening via exploit dependency graphs //Proceedings of ACSAC. 2003:86-95.
[9] National Institute of Standards and Technology. National vulnerability database . .http://nvd.nist.gov/.
[10] Bugtraq Vulnerability Archives. SecurityFocus . .http://www.securityfocus.com/vulnerabilities.

Network-vulnerability evaluation method based on network centrality

PDF (PC)

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 9

Recommended Articles

Metrics

Comments

[1]	WANG Linfeng, ZHANG Pingyu, LI He, LIU Shiwei. Vulnerability of social-ecosystem in agro-pastoral ecotone in western Northeast China [J]. , 2018, 35(3): 345-352.
[2]	DONG Ying, ZHANG Yuqing, YUE Hongzhou. Vulnerability exploitation for Joomla content management system [J]. , 2015, 32(6): 825-835.
[3]	YANG Xiaolin, LI Yiling. Dynamic assessment of environmental risk for Yangtze River basin using objective weighting method [J]. , 2015, 32(3): 349-355.
[4]	FANG Zhejun, LIU Qixu, ZHANG Yuqing. Design and implementation of capability leak detection for Android applications [J]. , 2015, 32(1): 127-135.
[5]	LUO Qi-Han, ZHANG Yu-Qing, LIU Qi-Xu. Design and implementation of a SQL injection vulnerability detection tool on RESTful API [J]. , 2013, 30(3): 417-424.
[6]	LUO Cheng, ZHANG Yu-Qing, WANG Long, LIU Qi-Xu. Automatic network protocol analysis and vulnerability discovery based on symbolic expression [J]. , 2013, 30(2): 278-284.
[7]	CHEN Jing-Feng, WANG Yi-Ding, ZHANG Yu-Qing, LIU Qi-Xu. Automatic generation of attack vectors for stored-XSS [J]. , 2012, (6): 815-820.
[8]	SONG Yang, ZHANG Yu-Qing. Algorithm for structural comparison and its software implement [J]. , 2009, 26(4): 549-554.
[9]	CHEN Si-Si, LIAN Yi-Feng , Jia Wei. A network vulnerability evaluation method based on Bayesian networks [J]. Journal of University of Chinese Academy of Sciences, 2008, 25(5): 639-648.