Network security analysis method based on vulnerability correlation

Chao Hai Xie; Ran Tao; Xue Jun Cai; Ma Ning Bi

Network security analysis method based on vulnerability correlation

Chao Hai Xie^*, Ran Tao, Xue Jun Cai, Ma Ning Bi

^*Corresponding author for this work

School of Information and Electronics

Research output: Contribution to journal › Article › peer-review

Abstract

Recently in-depth analysis of network security vulnerability must consider attacker exploits not just in isolation, but also in combination. The general approach to this problem is to compute attack graphs using a variety of graph-based algorithms. However, such methods generally suffer from the exponential state space problem. Therefore, two conceptions of vulnerability correlation matrix and vulnerability correlation graph (VCG) were introduced into network security analysis. An algorithm based on vulnerability correlation matrix was proposed to generate VCGs. An example was given to illustrate the application and effect of the algorithm in network security analysis. Deep analysis shows that VCGs have polynomial complexity of the number of network vulnerabilities, scale well for large networks, are convenient for network manager and helpful to improving network security.

Original language	English
Pages (from-to)	486-490
Number of pages	5
Journal	Binggong Xuebao/Acta Armamentarii
Volume	30
Issue number	4
Publication status	Published - Apr 2009

Keywords

Attack graph
Basic subject of science and technology for computer
Network security
Vulnerability correlation
Vulnerability correlation graph

Cite this

@article{671da7a3697b43238474bc9c46c5abdc,

title = "Network security analysis method based on vulnerability correlation",

abstract = "Recently in-depth analysis of network security vulnerability must consider attacker exploits not just in isolation, but also in combination. The general approach to this problem is to compute attack graphs using a variety of graph-based algorithms. However, such methods generally suffer from the exponential state space problem. Therefore, two conceptions of vulnerability correlation matrix and vulnerability correlation graph (VCG) were introduced into network security analysis. An algorithm based on vulnerability correlation matrix was proposed to generate VCGs. An example was given to illustrate the application and effect of the algorithm in network security analysis. Deep analysis shows that VCGs have polynomial complexity of the number of network vulnerabilities, scale well for large networks, are convenient for network manager and helpful to improving network security.",

keywords = "Attack graph, Basic subject of science and technology for computer, Network security, Vulnerability correlation, Vulnerability correlation graph",

author = "Xie, {Chao Hai} and Ran Tao and Cai, {Xue Jun} and Bi, {Ma Ning}",

year = "2009",

month = apr,

language = "English",

volume = "30",

pages = "486--490",

journal = "Binggong Xuebao/Acta Armamentarii",

issn = "1000-1093",

publisher = "China Ordnance Society",

number = "4",

}

TY - JOUR

T1 - Network security analysis method based on vulnerability correlation

AU - Xie, Chao Hai

AU - Tao, Ran

AU - Cai, Xue Jun

AU - Bi, Ma Ning

PY - 2009/4

Y1 - 2009/4

N2 - Recently in-depth analysis of network security vulnerability must consider attacker exploits not just in isolation, but also in combination. The general approach to this problem is to compute attack graphs using a variety of graph-based algorithms. However, such methods generally suffer from the exponential state space problem. Therefore, two conceptions of vulnerability correlation matrix and vulnerability correlation graph (VCG) were introduced into network security analysis. An algorithm based on vulnerability correlation matrix was proposed to generate VCGs. An example was given to illustrate the application and effect of the algorithm in network security analysis. Deep analysis shows that VCGs have polynomial complexity of the number of network vulnerabilities, scale well for large networks, are convenient for network manager and helpful to improving network security.

AB - Recently in-depth analysis of network security vulnerability must consider attacker exploits not just in isolation, but also in combination. The general approach to this problem is to compute attack graphs using a variety of graph-based algorithms. However, such methods generally suffer from the exponential state space problem. Therefore, two conceptions of vulnerability correlation matrix and vulnerability correlation graph (VCG) were introduced into network security analysis. An algorithm based on vulnerability correlation matrix was proposed to generate VCGs. An example was given to illustrate the application and effect of the algorithm in network security analysis. Deep analysis shows that VCGs have polynomial complexity of the number of network vulnerabilities, scale well for large networks, are convenient for network manager and helpful to improving network security.

KW - Attack graph

KW - Basic subject of science and technology for computer

KW - Network security

KW - Vulnerability correlation

KW - Vulnerability correlation graph

UR - http://www.scopus.com/inward/record.url?scp=65649089093&partnerID=8YFLogxK

M3 - Article

AN - SCOPUS:65649089093

SN - 1000-1093

VL - 30

SP - 486

EP - 490

JO - Binggong Xuebao/Acta Armamentarii

JF - Binggong Xuebao/Acta Armamentarii

IS - 4

ER -

Network security analysis method based on vulnerability correlation

Abstract

Keywords

Other files and links

Fingerprint

Cite this