Yongzheng Zhang,Binxing Fang,Xiaochun Yun

DOI: https://doi.org/10.3321/j.issn:1002-0470.2007.04.001

2007-01-01

Abstract:On the basis of the previous research work, this paper combines the index-based micro-analysis with the risk sum based macro-analysis to propose an integrated method for quantitative assessment of mainstream operating systems security vulnerabilities, and evaluates 1081 vulnerabilities related to six versions of three mainstream operating systems Windows NT, RedHat Linux and Solaris. This method can be used to effectively analyze the influences of the evolution of the operating systems on their security and compare the security status of the systems from various aspects on various levels.

Chen,Gang Chen

DOI: https://doi.org/10.1109/aiipcc57291.2022.00077

2022-01-01

Abstract:With the rapid development and popular utilization of computer network system, the proportion of attacks against computer network system has been increasing year by year. The traditional security vulnerability assessment method only evaluates individual vulnerabilities in isolation, and the assessment results do not reflect the degree of impact of vulnerabilities on the whole network. To address this problem this paper proposes a computer network system security assessment method, which uses the CVSSv3 evaluation index to assess vulnerabilities based on vulnerability association graph and risk matrix, while taking into account the association relationship between the fore-order vulnerability nodes, back-order vulnerability nodes and the vulnerability itself. The vulnerability correlation hazard calculated by the method can accurately reflect the degree of impact of the vulnerability on the whole computer network system, and the accuracy and effectiveness of the method is proved through experiments.

CHEN Wei-hua,JIANG Quan-yuan,CAO Yi-jia,HAN Zhen-xiang

DOI: https://doi.org/10.3321/j.issn:1000-3673.2005.04.004

2005-01-01

Abstract:Based on probability theory the risk theory was applied to the vulnerability assessment of power system. Here, the power system was defined as a vulnerable system and a set of risk indices to assess the power system vulnerability and corresponding algorithm were built, thus the defects of traditional determinsistic security assessment method, which cannot satisfy the requirement of electricity market and complicated power grid, could be overcome. On this basis, a risk theory and risk indices based power system vulnerability assessment software was developed. Taking the New England test system for example, the effectiveness and advanced property of the presented method were proved.

张恺伦,江全元

2013-01-01

Abstract:With the promotion and application of wide area measurement systems (WAMS) in power system, the security of its communication system is attracting a growing body of research. To analyze the vulnerability of WAMS communication infrastructures when facing network intrusions, an assessing method of vulnerability based on attack tree model is proposed. First, the attack tree model of WAMS communication system is established, which directly reflects the intrusion scenarios when the system is maliciously attacked. Second, a more reasonable assessing method for the vulnerability of passwords and ports is proposed, as well as the vulnerability of the system with all scenarios taken into consideration. Finally, the paper puts forth the concept of vulnerability sensitivity, which can quantitatively evaluate the effect of changes in the leaf vulnerability on the system, so as to find out the critical port.

Chen Weihua,Jiang Quanyuan,Cao Yijia

DOI: https://doi.org/10.1109/ipec.2005.207004

2005-01-01

Abstract:With the increasing utilization of HVDC system, security assessment of HVDC system has become a hot topic. This paper presents a novel approach using the framework of vulnerability to assess HVDC system security. First, equivalent models of HVDC systems, based on Markov model and logical diagram, are built to solve "dimension disaster" problem. Second, the risk index is used as an indicator of the level of security, and its sensitivity to a changing system parameter is used as an indicator of its trend. These two indicators are combined to determine the degree of HVDC system vulnerability to contingent disturbances. Finally, artificial neural network (ANN) is applied to the fast pattern recognition and classification of system vulnerability status. A case of Gezhouba-Shanghai HVDC system in China is presented to verify correctness and effectiveness of the approach.

Xiuzhen Chen,Jianhua Li,Shaojun Zhang

DOI: https://doi.org/10.1109/iccs.2008.4737375

2008-01-01

Abstract:All current vulnerability assessment tools only can locate individual vulnerabilities on a single host without considering correlated effect of these vulnerabilities. Aiming at this issue, this paper proposes a method of generating attack graph based on privilege escalation. The vulnerabilities and known attacks with their prerequisites and consequences are modeled based on predicate logic theory and are correlated so as to automatically construct attack graphs with strong operation power of RDBMS. The testing result shows that this system can discover security problems undetectable if only the hosts are assessed individually in a network without simulating attacks. As an application based on relational database, it can be easily integrated with other security tools based on RDBMS.

Tao Zhang,Mingzeng Hu,Xiaochun Yun,Yongzheng Zhang

DOI: https://doi.org/10.1007/978-3-540-31979-5_26

2005-01-01

Abstract:For analyzing computer system security, the system visitor could be classified into five kinds by his privilege to access system resource, and presented the model base on privilege escalation. The attacker can enhance his privilege by exploiting vulnerability, according to distribution of vulnerabilities privilege set, we could construct fault tree to reflect distinctly potential attack path, and so this method could quantificational express security state at different security policy via analyzing fault tree.

Weihua Chen,JIANG Quan-yuan,CAO Yi-jia

2005-01-01

Abstract:This paper summarizes the defects of traditional assessment methods for voltage security and points out the necessity of voltage security vulnerability assessment in the power market environment.A concept of voltage vulnerability is introduced as a framework for power system voltage security assessment.This concept combines information on the level of voltage security and its trend with changing system conditions.An approach is presented to calculate the voltage vulnerability for power systems based on risk theory and fuzzy reasoning.Voltage risk index and its trend to load level are calculated to deal with both the level of security and its trend with changing system conditions.Fuzzy reasoning is used to obtain the voltage vulnerability from the voltage risk index and its trend based on the system operators' experiences.It supports system operators effectively.A software has been implemented based the proposed approach.At last,the approach and the software are illustrated with New England 39-bus system.The results show the effectiveness of the approach.

Zhang Yongzheng,FANG Binxing,YUN Xiaochun

DOI: https://doi.org/10.3969/j.issn.1000-3428.2005.14.053

2005-01-01

Abstract:With increasing security problems of information technology, developers of information security products seek for the trusted security assessment by the third part. But there are some defects in present assessment methods for host software systems. This paper proposes a quantitative risk assessment approach for host system security, combining with the vulnerability information in software system. An assessment instance is given to analyze the assessment algorithm. Finally, this paper illuminates the advantages of this assessment approach.

Yukun Zheng,Kun Lv,Changzhen Hu

DOI: https://doi.org/10.1007/978-3-319-64701-2_25

2017-01-01

Abstract:With the rapid development of network, network security issues become increasingly important. It is a tough challenge to evaluate the network security due to the increasing vulnerabilities. In this paper, we propose a quantitative method for evaluating network security based on attack graph. We quantify the importance of nodes and the maximum reachable probability of nodes, and construct a security evaluation function to calculate the security risk score. Our approach focuses on the attacker's view and considers the most important factors that may affect the network security. The parameters we use are easily to be acquired in any network. Thus, the assessment score gotten through the evaluation function can comprehensively reflect the security level. According to the security risk value, security professionals can take appropriate countermeasures to harden the network. Experimental results prove that this model solves the security evaluation problem efficiently.

Yong-Zheng Zhang,Xiao-Chun Yun,Bin-Xing Fang,Tao Zhang

2005-01-01

Abstract:With the development of computer software system, computer vulnerabilities are continually increasing. These vulnerabilities have severe impacts on confidentiality, authenticity and availability of computer system and network. In the field of host system vulnerability assessment, the traditional method is only to consider the threats of isolated vulnerability to software systems. However, through analyzing multistage attacks and vulnerabilities on Internet, we find that attackers often synthetically exploit several correlative vulnerabilities to badly compromise the systems. Therefore, study on vulnerability correlation is important for improving the accuracy and validity of security assessment. This paper firstly gives the definition, expression and significance of vulnerability correlation. Then a mining method for vulnerability correlation is proposed. Finally, an experiment is conducted to verify the efficiency of the new approach.

Assane Gueye,Peter Mell

DOI: https://doi.org/10.48550/arXiv.2102.01722

2021-02-02

Cryptography and Security

Abstract:Understanding the landscape of software vulnerabilities is key for developing effective security solutions. Fortunately, the evaluation of vulnerability databases that use a framework for communicating vulnerability attributes and their severity scores, such as the Common Vulnerability Scoring System (CVSS), can help shed light on the nature of publicly published vulnerabilities. In this paper, we characterize the software vulnerability landscape by performing a historical and statistical analysis of CVSS vulnerability metrics over the period of 2005 to 2019 through using data from the National Vulnerability Database. We conduct three studies analyzing the following: the distribution of CVSS scores (both empirical and theoretical), the distribution of CVSS metric values and how vulnerability characteristics change over time, and the relative rankings of the most frequent metric value over time. Our resulting analysis shows that the vulnerability threat landscape has been dominated by only a few vulnerability types and has changed little during the time period of the study. The overwhelming majority of vulnerabilities are exploitable over the network. The complexity to successfully exploit these vulnerabilities is dominantly low; very little authentication to the target victim is necessary for a successful attack. And most of the flaws require very limited interaction with users. However on the positive side, the damage of these vulnerabilities is mostly confined within the security scope of the impacted components. A discussion of lessons that could be learned from this analysis is presented.

Xiaming Ye,Junhua Zhao,Yan Zhang,Fushuan Wen

DOI: https://doi.org/10.3390/en8065266

IF: 3.2

2015-01-01

Energies

Abstract:The distribution automation system (DAS) is vulnerable to cyber-attacks due to the widespread use of terminal devices and standard communication protocols. On account of the cost of defense, it is impossible to ensure the security of every device in the DAS. Given this background, a novel quantitative vulnerability assessment model of cyber security for DAS is developed in this paper. In the assessment model, the potential physical consequences of cyber-attacks are analyzed from two levels: terminal device level and control center server level. Then, the attack process is modeled based on game theory and the relationships among different vulnerabilities are analyzed by introducing a vulnerability adjacency matrix. Finally, the application process of the proposed methodology is illustrated through a case study based on bus 2 of the Roy Billinton Test System (RBTS). The results demonstrate the reasonability and effectiveness of the proposed methodology.

XU Li,YUAN Yi,XUE Zhi

DOI: https://doi.org/10.3969/j.issn.1009-8054.2011.04.020

2011-01-01

Abstract:A large amount of security loophole is one of the important causes leading to the severe general security situation. The study on network security assessment is thus of significant practical importance. This paper describes in detail the method for building up the attack graph model, and gives an auto-generating algorithm of attack graph. An approach by using mathematic model to analyze attack graph for security assessment of network is proposed. With a virtual network environment, the method is verified. The proposed approach is of practical significance in the Study of attack graph.

Wenhui Hu,Long Zhang,Xueyang Liu,Yu Huang,Minghui Zhang,Liang Xing

DOI: https://doi.org/10.1109/bigdatasecurity-hpsc-ids49724.2020.00033

2020-01-01

Abstract:In view of the problem that the overall security of the network is difficult to evaluate quantitatively, we propose the edge authority attack graph model, which aims to make up for the traditional dependence attack graph to describe the relationship between vulnerability behaviors. This paper proposed a network security metrics based on probability, and proposes a network vulnerability algorithm based on vulnerability exploit probability and attack target asset value. Finally, a network security reinforcement algorithm with network vulnerability index as the optimization target is proposed based on this metric algorithm.

WEN Weiping,ZHANG Puhan,XU Youfu,YIN Liang

2011-01-01

Abstract:Windows is the world's most widely used desktop operating system,so security vulnerabilities in windows have an enormous impact on system security and exploiting vulnerabilities in the Windows operating system has great significance.At present,the discovery of software security vulnerabilities depends mainly on the experience and luck of security researchers since they lack systematic and effective methods to find vulnerabilities.To more quickly find a class of vulnerabilities,this paper focuses on patch vulnerability with four types of security threat modes introduced patches.Then this paper describes a software security vulnerability exploitation method based on patch comparison.This method can be used to solve the semi-automatically find Windows vulnerabilities with patches.This method found unknown Windows operating system vulnerabilities to verify its effectiveness.

Simon Unger,Ektor Arzoglou,Markus Heinrich,Dirk Scheuermann,Stefan Katzenbeisser

2023-07-26

Abstract:Risk assessment plays a crucial role in ensuring the security and resilience of modern computer systems. Existing methods for conducting risk assessments often suffer from tedious and time-consuming processes, making it challenging to maintain a comprehensive overview of potential security issues. In this paper, we propose a novel approach that leverages attack graphs to enhance the efficiency and effectiveness of risk assessment. Attack graphs visually represent the various attack paths that adversaries can exploit within a system, enabling a systematic exploration of potential vulnerabilities. By extending attack graphs with capabilities to include countermeasures and consequences, they can be leveraged to constitute the complete risk assessment process. Our method offers a more streamlined and comprehensive analysis of system vulnerabilities, where system changes, or environment changes can easily be adapted and the issues exposing the highest risk can easily be identified. We demonstrate the effectiveness of our approach through a case study, as well as the applicability by combining existing risk assessment standards with our method. Our work aims to bridge the gap between risk assessment practices and evolving threat landscapes, offering an improved methodology for managing and mitigating risks in modern computer systems.

Cryptography and Security

SHI Hao,WANG Yi-jun,XUE Zhi

DOI: https://doi.org/10.3969/j.issn.1009-8054.2011.05.042

2011-01-01

Abstract:Due to the continuous growth of network size,the independent vulnerability analysis could not satisfy the requirement of security protection.Attack graph,as a new tool,could show the network structure clearly.Taking into account the interaction among the vulnerabilities,the people can identify overall risk of the network better and adopt proper a measures.However,the complexity of attack graphs generated by traditional generation methods would grow rapidly with the expansion of network scale.A fairly simple attack graph could be generated by a new method based on the knowledge of the administrator.This method generates attack graph from the key node of the network,and thus could reduce the scale of the attack graph effectively.

Zhang Tao,Chen Xiarun,Chen Zhong

DOI: https://doi.org/10.1109/ICIPCA59209.2023.10257912

2023-01-01

Abstract:As the Internet environment becomes increasingly complex, network security gradually has more and more impact on people's real life. The research on static vulnerability detection is of great significance to the security of software systems. To solve the problems of imperfect technical support for basic analysis and high false alarm rate in the current mainstream static vulnerability detection methods, we design a vulnerability detection method based on taint value range propagation analysis, combining data flow analysis and abstract interpretation to achieve cross-functional variable value range analysis, and combining the identification and analysis of data security checks to achieve an automated vulnerability detection system prototype—RVDetecor, with good performance and detection, and applicable to real-world scenarios. In its analysis of the Linux kernel source code, RVDetecor verified 15 fixed issues.

Wenhui Wang,Liandong Chen,Longxi Han,Zhihong Zhou,Zhengmin Xia,Xiuzhen Chen

DOI: https://doi.org/10.1109/icicas51530.2020.00009

2020-01-01

Abstract:The numerous attacks on ICS systems have made severe threats to critical infrastructure. Extensive studies have focussed on the risk assessment of discovering vulnerabilities. However, to identify Zero-day vulnerabilities is challenging because they are unknown to defenders. Here we sought to measure ICS system zero-day risk by building an enhanced attack graph for expected attack path exploiting zero-day vulnerability. In this study, we define the security metrics of Zero-day vulnerability for an ICS. Then we created a Zero-day attack graph to guide how to harden the system by measuring attack paths that exploiting zero-day vulnerabilities. Our studies identify the vulnerability assessment method on ICS systems considering Zero-day Vulnerability by zero-day attack graph. Together, our work is essential to ICS systems security. By assessing unknown vulnerability risk to close the imbalance between attackers and defenders.