Automated generation of attack graphs using NVD

M. Ugur Aksu, Kemal Bicakci, M. Hadi Dilek, A. Murat Ozbayoglu, E. İslam Tatlı

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

40 Citations (Scopus)

Abstract

Today’s computer networks are prone to sophisticated multi-step, multi-host attacks. Common approaches of identifying vulnerabilities and analyzing the security of such networks with naive methods, such as counting the number of vulnerabilities or examining the vulnerabilities independently, produce incomprehensive and limited security assessment results. On the other hand, attack graphs generated from the identified vulnerabilities in a network illustrate security risks via attack paths that are not apparent with the results of the primitive approaches. One common technique of generating attack graphs requires well-established definitions and data of prerequisites and postconditions for the known vulnerabilities. A number of works suggest prerequisite and postcondition categorization schemes for software vulnerabilities. However, generating them in an automated way is an open issue. In this paper, we first define a model that evolves over the previous works to depict the requirements of exploiting vulnerabilities for generating attack graphs. Then we describe and compare the results of two different novel approaches (rule-based and machine learning-employed) that we propose for generating attacker privilege fields as prerequisites and postconditions from the National Vulnerability Database (NVD) in an automated way. We observe that prerequisite and postcondition privileges can be generated with overall accuracy rates of 88,8 % and 95,7 % with rule-based and machine learning-employed (Multilayer Perceptron) models respectively.

Original language: English
Title of host publication: CODASPY 2018 - Proceedings of the 8th ACM Conference on Data and Application Security and Privacy
Publisher: Association for Computing Machinery, Inc
Pages: 135-142
Number of pages: 8
ISBN (Electronic): 9781450356329
Publication status: Published - 13 Mar 2018
Externally published: Yes
Event: 8th ACM Conference on Data and Application Security and Privacy, CODASPY 2018 - Tempe, United States
Duration: 19 Mar 2018 - 21 Mar 2018

Publication series

Name: CODASPY 2018 - Proceedings of the 8th ACM Conference on Data and Application Security and Privacy
Volume: 2018-January

Conference

Conference: 8th ACM Conference on Data and Application Security and Privacy, CODASPY 2018
Country/Territory: United States
City: Tempe
Period: 19/03/18 - 21/03/18

Bibliographical note

Publisher Copyright:
© 2018 Association for Computing Machinery.

Keywords

  • Attack graph generation
  • CVE
  • CVSS
  • NVD
  • Vulnerability
