Title :
Vulnerability ranking based on exploitation and defense graph
Author :
Yang, Xia ; Shunhong, Song ; Yuliang, Lu
Author_Institution :
Dept. of Network Eng., Electron. Eng. Inst., Hefei, China
Abstract :
Network security analysis based on attack graphs has been applied extensively in recent years. The ranking of nodes in an attack graph is an important step towards analyzing network security, which can distill the overwhelming amount of information into a list of priorities that will help network administrators to efficiently utilize scarce resources. In this paper, we propose a new methodology called DBRank for ranking vulnerabilities to patch in computing networks. DBRank prioritizes vulnerabilities based on the diffusibility and benefit of vulnerability exploitation. Different from other approaches, DBRank takes into account the network topology and exploitation benefit in calculating their relative risk and priority. The experiments yielded promising results that this method can be used in hardening network security.
Keywords :
computer network security; telecommunication network topology; DBRank; attack graphs; computing networks; defense graph; network security analysis; network topology; network vulnerability ranking; Fires; Exploitation and Defense Graph; Ranking; Security Metric; Vulnerability;
Conference_Titel :
Information Networking and Automation (ICINA), 2010 International Conference on
Conference_Location :
Kunming
Print_ISBN :
978-1-4244-8104-0
Electronic_ISBN :
978-1-4244-8106-4
DOI :
10.1109/ICINA.2010.5636412
