Wei-wei CHENG,Yu-liang LU,Yang XIA,Guo-zheng YANG

DOI: https://doi.org/10.3969/j.issn.1000-2162.2007.04.008

2007-01-01

Abstract:Computer network vulnerability assessment is the important part of the computer security domain,it is very important to improve oneself security level of computer network.This paper introduces the computer network vulnerability firstly,expatiate on the problem which should be solved by the vulnerability assessment,embody introduce some main methods of computer network vulnerability assessment and the issues faced,and then it gives the future work of computer network vulnerability assessment.

XIA Yang,LU Yu-liang,YANG Guo-zheng

DOI: https://doi.org/10.3969/j.issn.1000-3428.2007.19.050

2007-01-01

Abstract:Computer network security vulnerability assessment is a research focus in network security field.This paper puts forward the research target of computer network vulnerability assessment and the major problems appeared in the course of research.It analyses some resent research methods and techniques aimed at computer network vulnerability assessment,such as network vulnerability assessment in terms of network connectivity,intrusion path,graph theory,analysis tools,agent,AHP,as well as vulnerability dependence relation graph.Based on the analysis,it points out the advantage and disadvantage of each method.

Zhang Yongzheng,FANG Binxing,YUN Xiaochun

DOI: https://doi.org/10.3969/j.issn.1000-3428.2005.14.053

2005-01-01

Abstract:With increasing security problems of information technology, developers of information security products seek for the trusted security assessment by the third part. But there are some defects in present assessment methods for host software systems. This paper proposes a quantitative risk assessment approach for host system security, combining with the vulnerability information in software system. An assessment instance is given to analyze the assessment algorithm. Finally, this paper illuminates the advantages of this assessment approach.

Zhang Yong-zheng,Fang Bin-xing,Yun Xiao-chun,Z. Tao

2004-01-01

Abstract:To provide the security confidence of information produ trusted security assessment by the third part. But there are some def as overmuch subjective factors, rough evaluation results and lack paper combines network-based scanning technology with the id quantitative risk assessment approach for host software system, and assessment algorithm. Key-Words: Network security; Risk assessment; Assessment polic

夏阳,陆余良,蒋凡

DOI: https://doi.org/10.3969/j.issn.1002-137X.2003.02.028

2003-01-01

Computer Science

Abstract:The rapid development of the Network makes the comprehensive analysis as well as the quantitative evaluation of its security become more and mere important. This paper illustrates the major realization process of a Network Security Quantitative Evaluation System,which,from an intruder's angle ,established a Hierarchy Intrusion Relationship Graph by analyzing the credit degree fusion and relevancy of the secure information of the target network and by combining with powerful database information. At last, by applying some relative mathematics model and arithmetic, the paper analyzes and evaluates the security of this Network Hierarchy Intrusion Relationship Graph comprehensively and quantitatively.

CHEN Feng,ZHANG Yi,BAO Ai-hua,SU Jin-shu

DOI: https://doi.org/10.3969/j.issn.1007-130x.2010.10.003

2010-01-01

Abstract:Attack graph is a model-based vulnerability analysis technology.It may automatically analyze the interrelation among vulnerabilities in the network and the potential threat resulting from the vulnerabilities,which is one of problems the quantitative vulnerability assessment must solve.This paper proposes a novel quantitative vulnerability assessment method based on attribute-based attack graphs.First attribute-based attack graphs and valid attack paths are formally described,and maximal reachable probability is adopted to measure the vulnerability of the key attribute set of the target network.An algorithm for computing maximal reachable probability is presented to solve the problem of loop attack paths.Finally,because some data may not be obtained in practical assessment,the conception of creditability is introduced to measure the impact of absent data on the result.

SONG Shun-hong,LU Yu-liang,YANG Guo-zheng,YUAN Huan

2011-01-01

Abstract:In view of the scalability problem in the risk assessment based on attack graphs,we propose a quantitative vulnerability assessment approach based on host-based access graphs from the perspective of internal security threat.First we introduce the concept of network access relationship and host critical degree,and propose host security threat model.Then we obtain network access relationships of all the hosts through the generation of host-based access graphs.The impacts of vulnerabilities to the network are figured out based on the model and the access graphs and then all the vulnerabilities are prioritized by impacts.The experiment shows that this approach is efficient to assess the security state of the network and the severity of the vulnerabilities to the network.The result gives meaningful recommendation for network hardening.

Yue Zhang,Wang Zhao

DOI: https://doi.org/10.1109/icngn59831.2023.10396667

2023-01-01

Abstract:The rapid development of information technology has greatly improved the level of enterprise informatization. However, while providing a variety of services to users, there may also be security issues such as data breaches, denial of service attacks, and extortion attempts. To address the aforementioned issues and enhance the security of information systems, multiple security devices have implemented protective measures. However, relying solely on the configuration and construction of security facilities cannot fundamentally resolve network security issues. Therefore, an important challenge currently faced is how to quantitatively assess, evaluate, and guide security personnel to optimize the configuration of the network security system. This is a significant matter that requires careful consideration.Currently, most existing quantitative security evaluation schemes focus on assessing security risks, but the entire security protection system has not been utilized as an evaluation criterion, and its protective effectiveness has not been quantitatively evaluated. Simultaneously, establishing quantitative connections between security impact factors and the security protection system, linking the protection effectiveness of individual security devices to overall security protection effectiveness, and then optimizing and improving the protection effectiveness have become critical bottlenecks in measuring the protection effectiveness of the network security protection system.

ZHAOXudong,CHENZhilong,GONGHuadong,GUODongjun

DOI: https://doi.org/10.12018/j.issn.1009-3443.20150514001

2016-01-01

Abstract:In order to protect the system function of critical infrastructure network in the wartime,a vulnerability assessment framework was established based on the complex network theory.By measuring the demands satisfaction degree of network terminal node,a metric for assessing the vulnerability was constructed which includes some significant factors such as the infrastructures network planning,the path redundancy and emergency recovery actions.A typical transportation network was taken as a case to illustrate the assessment framework.The study results show that under four randomly generated attack scenarios, the maximum loss ratio of demands satisfaction degree approaches 17% within the control time,while the minimum loss ratio of demands satisfaction degree is 7%.When a network link is randomly added,the maximum loss ratio of demands satisfaction degree has no significant change.It means that the random addition of network link can't guarantee the reduction of the vulnerability of the infrastructure network.

Sun Yang,Xiong Wei

DOI: https://doi.org/10.1109/icsess.2017.8342948

2017-01-01

Abstract:The vulnerability of network or information system is the inherent reason for the existence of security risks and security risks. External threats exploit the vulnerability of the network or information system to launch attacks. Therefore, in the field of network security risk assessment technology, security vulnerability analysis takes an important position and is the basis for a network security risk assessment. This paper mainly reviews the research status of network security vulnerability analysis methods, network security quantitative evaluation method and real-time evaluation method of network security.

Chen,Gang Chen

DOI: https://doi.org/10.1109/aiipcc57291.2022.00077

2022-01-01

Abstract:With the rapid development and popular utilization of computer network system, the proportion of attacks against computer network system has been increasing year by year. The traditional security vulnerability assessment method only evaluates individual vulnerabilities in isolation, and the assessment results do not reflect the degree of impact of vulnerabilities on the whole network. To address this problem this paper proposes a computer network system security assessment method, which uses the CVSSv3 evaluation index to assess vulnerabilities based on vulnerability association graph and risk matrix, while taking into account the association relationship between the fore-order vulnerability nodes, back-order vulnerability nodes and the vulnerability itself. The vulnerability correlation hazard calculated by the method can accurately reflect the degree of impact of the vulnerability on the whole computer network system, and the accuracy and effectiveness of the method is proved through experiments.

Yukun Zheng,Kun Lv,Changzhen Hu

DOI: https://doi.org/10.1007/978-3-319-64701-2_25

2017-01-01

Abstract:With the rapid development of network, network security issues become increasingly important. It is a tough challenge to evaluate the network security due to the increasing vulnerabilities. In this paper, we propose a quantitative method for evaluating network security based on attack graph. We quantify the importance of nodes and the maximum reachable probability of nodes, and construct a security evaluation function to calculate the security risk score. Our approach focuses on the attacker's view and considers the most important factors that may affect the network security. The parameters we use are easily to be acquired in any network. Thus, the assessment score gotten through the evaluation function can comprehensively reflect the security level. According to the security risk value, security professionals can take appropriate countermeasures to harden the network. Experimental results prove that this model solves the security evaluation problem efficiently.

MA Jun-chun,WANG Yong-jun,SUN Ji-yin,CHEN Shan

DOI: https://doi.org/10.3969/j.issn.1001-3695.2012.03.082

2012-01-01

Abstract:In order to improve networks' total security,this paper presented a novel method of assessing network security based on attack graphs.Firstly,it proposed a definition of vulnerability dependence graph based on attack graphs.Secondly,it divided the factors which impact network vulnerability assessment into three parts: the vulnerability character by itself,the network environment and the relationship between vulnerabilities.Finally,according to the size of network topology,using the evaluation policy from bottom to top and from local to global,it gave the vulnerability assessment intuitively in three levels: the vulnerability,the host and the network.Through a large number of repeated laboratory tests,the experimental results show that this method can assess network security efficiently,help network security managers guard the network,which improves networks viability,and improves the ability of responding to sudden attacks.So it has great theoretical value,economic value and social significance.

XIA Yang,LU Yu-liang

DOI: https://doi.org/10.3969/j.issn.1000-7024.2005.06.026

2005-01-01

Abstract:The security performance of target host is assessed quantitatively based on the method of manual neural network. Network framework and learning algorithm of BP neural networks are analyzed and then some factors are brought forward influencing host's security performance. In addition, thetraining samples and practical testing of the host's securitycapability in terms ofBP neural networks are offered. Computer security quantitative assessment based on manual neural network provides a feasible method for the research of assessing security performance of target host.

Liwei Wang,Robert Abbas,Fahad M. Almansour,Gurjot Singh Gaba,Roobaea Alroobaea,Mehedi Masud

DOI: https://doi.org/10.1515/jisys-2020-0145

2021-01-01

Journal of Intelligent Systems

Abstract:Abstract With the advancement of internet and the emergence of network globalization, security has always been a major concern. During the trial operation, the management control platform discussed in this article included more than 600 network security vulnerabilities in the industry, with dozens of incidents, which were promptly dealt with and rectified, effectively improving the level of network security management and protection in the industry. As networks are very much vulnerable to denial of service attacks, much more emphasis has been given to security. By improving their network security, network administrators have often tried their best. To attempt penetration testing, it is the best way of ensuring the system security. With the development of information technology, the security requirement of information system is increasing day by day. The use of penetration testing technology is conducive to the realization of accurate positioning, accurate detection, and active alarm of security vulnerabilities, and the optimization of monitoring and rectification of the combination of network security management control system. Taking penetration testing technology as one of the core elements of management and control, the risk index model is optimized to make network security management controllable and efficient, and effectively achieve management and control objectives.

张恺伦,江全元

2013-01-01

Abstract:With the promotion and application of wide area measurement systems (WAMS) in power system, the security of its communication system is attracting a growing body of research. To analyze the vulnerability of WAMS communication infrastructures when facing network intrusions, an assessing method of vulnerability based on attack tree model is proposed. First, the attack tree model of WAMS communication system is established, which directly reflects the intrusion scenarios when the system is maliciously attacked. Second, a more reasonable assessing method for the vulnerability of passwords and ports is proposed, as well as the vulnerability of the system with all scenarios taken into consideration. Finally, the paper puts forth the concept of vulnerability sensitivity, which can quantitatively evaluate the effect of changes in the leaf vulnerability on the system, so as to find out the critical port.

SUN Le-chang,XIA Yang,LU Yu-liang

DOI: https://doi.org/10.3969/j.issn.1007-130X.2006.12.004

2006-01-01

Abstract:The thesis presents a framework of network vulnerability analysis based on agents, which gather the vulnerability metric of each host. Then, through analyzing the changes of vulnerability metric in various phases of network attacks, not only are the network vulnerability and the process of network attacks analyzed, but also the way for the prevention of network security for further research paved.

徐玮晟,张保稳,李生红

DOI: https://doi.org/10.3969/j.issn.1009-8054.2009.10.022

2009-01-01

Abstract:With the high-speed development of IT industry, network security has attracted much attention.An effective method for network security assessment could not only find the existing flaws, but also discover some potential exploits in the network system.Moreover, this method could locate the node in the network with the highest possiblity of being attacked by means of mathematical tools.Thus the networks at enterprise level could survive a new round of network attack, and the services of enterprises could be continuously carried on.In this article, the methods for network security assessment are classified, and the prospects of network security assessment methods are forecasted.

Xiuzhen Chen,Qinghua Zheng,Xiaohong Guan,Chenguang Lin

DOI: https://doi.org/10.3321/j.issn:0253-987X.2004.04.019

2004-01-01

Abstract:Aiming at the deficiency that is unable to provide useful security situation information encountered in the cur2 rent security evaluation systems , a hierarchical and quantitative model , which is used to evaluate security situation of net2 worked systems , and its corresponding computation method are proposed based on the importance of service , host , and the structure of the network system. This model adopts the evaluation policy from bottom to top and from local to global , calculates the risk indexes of service , host and whole network system by weighting the importance of service and host based on the analysis of attack frequency and its severity , and further evaluates their security situation. Experiments on the HoneyNet dataset show that this system can evaluate the security situation in three levels : service , host and local area network system. It provides system administrators with system intuitive security situation curve and releases them from the exhausting task of alert analysis.

Tiantian Tan,Baosheng Wang,Yong Tang,Xu Zhou,Jingwen Han

DOI: https://doi.org/10.32604/cmc.2019.06049

2019-01-01

Abstract:Vulnerability technology is the basic of network security technology, vulnerability quantitative grading methods, such as CVSS, WIVSS, ICVSS, provide a reference to vulnerability management, but the problems of ignoring the risk elevation caused by a group of vulnerabilities and low accuracy of exploitable level evaluation exist in current vulnerability quantitative grading methods. To solve problems above in current network security quantitative evaluation methods, this paper verified the high relevance degree between type and exploitable score of vulnerability, proposed a new vulnerability quantitative grading method ICVSS, ICVSS can explore attack path using continuity level defined by privilege, add vulnerability type to measure indexes of exploitable metrics and use Analytic Hierarchy Process (AHP) to quantify the influence of vulnerability type on exploitable level. Compared with CVSS and WIVSS, ICVSS is proved that it can discover attack path consist of a sequence of vulnerabilities for network security situation evaluation, and has more accuracy and stability.