Jiajun Shen,Dongqin Feng

DOI: https://doi.org/10.1155/2016/4147251

2016-01-01

Journal of Control Science and Engineering

Abstract:With the development of industrial informatization, the industrial control network has gradually become much accessible for attackers. A series of vulnerabilities will therefore be exposed, especially the vulnerability of exclusive industrial communication protocols (ICPs), which has not yet been attached with enough emphasis. In this paper, stochastic game theory is applied on the vulnerability analysis of clock synchronization protocol (CSP), one of the pivotal ICPs. The stochastic game model is built strictly according to the protocol with both Man-in-the-Middle (MIM) attack and dependability failures being taken into account. The situation of multiple attack routes is considered for depicting the practical attack scenarios, and the introduction of time aspect characterizes the success probabilities of attackers actions. The vulnerability analysis is then realized through determining the optimal strategies of attacker under different states of system, respectively.

Lingfeng Bao,Xin Xia,Ahmed E. Hassan,Xiaohu Yang

DOI: https://doi.org/10.1145/3510003.3510113

2022-01-01

Abstract:Vulnerabilities publicly disclosed in the National Vulnerability Database (NVD) are assigned with CVE (Common Vulnerabilities and Exposures) IDs and associated with specific software versions. Many organizations, including IT companies and government, heavily rely on the disclosed vulnerabilities in NVD to mitigate their security risks. Once a software is claimed as vulnerable by NVD, these organizations would examine the presence of the vulnerable versions of the software and assess the impact on themselves. However, the version information about vulnerable software in NVD is not always reliable. Nguyen et al. find that the version information of many CVE vulnerabilities is spurious and propose an approach based on the original SZZ algorithm (i.e., an approach to identify bug-introducing commits) to assess the software versions affected by CVE vulnerabilities. However, SZZ algorithms are designed for common bugs, while vulnerabilities and bugs are different. Many bugs are introduced by a recent bug-fixing commit, but vulnerabilities are usually introduced in their initial versions. Thus, the current SZZ algorithms often fail to identify the inducing commits for vulnerabilities. Therefore, in this study, we propose an approach based on an improved SZZ algorithm to refine software versions affected by CVE vulnerabilities. Our proposed SZZ algorithm leverages the line mapping algorithms to identify the earliest commit that modified the vulnerable lines, and then considers these commits to be the vulnerability-inducing commits, as opposed to the previous SZZ algorithms that assume the commits that last modified the buggy lines as the inducing commits. To evaluate our proposed approach, we manually annotate the true inducing commits and verify the vulnerable versions for 172 CVE vulnerabilities with fixing commits from two publicly available datasets with five C/C++ and 41 Java projects, respectively. We find that 99 out of 172 vulnerabilities whose version information is spurious. The experiment results show that our proposed approach can identify more vulnerabilities with the true inducing commits and correct vulnerable versions than the previous SZZ algorithms. Our approach outperforms the previous SZZ algorithms in terms of F1-score for identifying vulnerability-inducing commits on both C/C++ and Java projects (0.736 and 0.630, respectively). For refining vulnerable versions, our approach also achieves the best performance on the two datasets in terms of F1-score (0.928 and 0.952).

Chen,Gang Chen

DOI: https://doi.org/10.1109/aiipcc57291.2022.00077

2022-01-01

Abstract:With the rapid development and popular utilization of computer network system, the proportion of attacks against computer network system has been increasing year by year. The traditional security vulnerability assessment method only evaluates individual vulnerabilities in isolation, and the assessment results do not reflect the degree of impact of vulnerabilities on the whole network. To address this problem this paper proposes a computer network system security assessment method, which uses the CVSSv3 evaluation index to assess vulnerabilities based on vulnerability association graph and risk matrix, while taking into account the association relationship between the fore-order vulnerability nodes, back-order vulnerability nodes and the vulnerability itself. The vulnerability correlation hazard calculated by the method can accurately reflect the degree of impact of the vulnerability on the whole computer network system, and the accuracy and effectiveness of the method is proved through experiments.

CHEN Wei-hua,JIANG Quan-yuan,CAO Yi-jia,HAN Zhen-xiang

DOI: https://doi.org/10.3321/j.issn:1000-3673.2005.04.004

2005-01-01

Abstract:Based on probability theory the risk theory was applied to the vulnerability assessment of power system. Here, the power system was defined as a vulnerable system and a set of risk indices to assess the power system vulnerability and corresponding algorithm were built, thus the defects of traditional determinsistic security assessment method, which cannot satisfy the requirement of electricity market and complicated power grid, could be overcome. On this basis, a risk theory and risk indices based power system vulnerability assessment software was developed. Taking the New England test system for example, the effectiveness and advanced property of the presented method were proved.

Anming Xie,Li Zhang,Jianbin Hu,Zhong Chen

DOI: https://doi.org/10.1109/ISECS.2009.113

2009-01-01

Abstract:Attack graphs are important tools for analyzing network security vulnerabilities. Recently, the generation method of attack graphs is a hot topic to the security researchers. As previous works encounter the scalability problem and inaccurate input information problem, we propose a novel method to automatic construction of attack graphs based on probability. After introducing prior-probability, match-probability,and transition-probability into attack graphs generation process, we develop a new attack model and relevant generation algorithms. Our method uses threshold and key states to control the scale of result attack graphs with important attack paths reserved. The following experiments show our approach could get meaningful results with less time and space, especially when one wants to get a few shortest attack paths quickly.

Xiaoliang Wang,Xiaohong Jiang,Achille Pattavina

DOI: https://doi.org/10.1109/HPSR.2011.5986021

2011-01-01

Abstract:The mission critical network infrastructures are facing potential large region threats, both intentional (like EMP attack, bomb explosion) and natural (like earthquake, flooding). The available research on region failure related vulnerability studies generally adopt a kind of simple “deterministic” region failure models, which can not capture some important features of real region failure scenarios, where a network component in the region only fails with certain probability, and more importantly, such failure probability tends to vary with both its dimension and its distance to failure center. In this paper, we provide a more general “probabilistic” region failure model to capture the key features of a region failure and apply it for the network vulnerability assessment. To facilitate such assessment, we adopt a grid partition-based scheme to estimate various statistical network metrics under a random region failure. A theoretical framework is also established to determine a suitable grid partition such that a specified estimation error requirement is satisfied. The grid partition technique is also useful for identifying the vulnerable zones of a network, which can guide network designers to initiate proper network protection against such failures. The work in this paper helps us more deeply understand the network vulnerability behavior under region failure and facilitates the design and maintenance of future highly survivable mission critical networks.

Chen Weihua,Jiang Quanyuan,Cao Yijia

DOI: https://doi.org/10.1109/ipec.2005.207004

2005-01-01

Abstract:With the increasing utilization of HVDC system, security assessment of HVDC system has become a hot topic. This paper presents a novel approach using the framework of vulnerability to assess HVDC system security. First, equivalent models of HVDC systems, based on Markov model and logical diagram, are built to solve "dimension disaster" problem. Second, the risk index is used as an indicator of the level of security, and its sensitivity to a changing system parameter is used as an indicator of its trend. These two indicators are combined to determine the degree of HVDC system vulnerability to contingent disturbances. Finally, artificial neural network (ANN) is applied to the fast pattern recognition and classification of system vulnerability status. A case of Gezhouba-Shanghai HVDC system in China is presented to verify correctness and effectiveness of the approach.

Dan LIAO,Ming ZHOU,Dan LIU,Zhong TIAN

DOI: https://doi.org/10.3778/j.issn.1002-8331.1304-0133

2015-01-01

Abstract:Considering that there are several drawbacks included in CVSS 2.0, such as strongly subjectivity, inefficient maneuverability, the difficulty to create automated assessment model, the evaluation index system is improved based on CVSS 2.0 evaluation system. And the evaluation index system is divided into two parts which are objective category and subjective category. It optimizes evaluation factor with principles of BP neural network self-learning and builds an automa-tion evaluation model based on BP neural network, then quantizes the input indicators characteristic into approximation of effectiveness rapidly. Finally the effectiveness, accuracy and feasibility of the method are proved by MATLAB simulation.

Yinghui Wang,Bin Yu,Haiyang Yu,Lingyun Xiao,Haojie Ji,Yanan Zhao

DOI: https://doi.org/10.1109/jsyst.2022.3230097

IF: 4.802

2022-01-01

IEEE Systems Journal

Abstract:As a promising technology, connected and autonomous vehicle (CAV) can reduce energy consumption and improve transportation safety. Nevertheless, as more enabling technologies are embedded in vehicles, the CAV is becoming more vulnerable to cybersecurity threats. Priority must be given to highly sensitive, life-threatening vulnerabilities. Therefore, an improved vulnerability assessment method for CAVs is proposed in this article, in which the common vulnerability scoring system (CVSS) and Bayes theory are adopted. Compared to the classical CVSS method, our scheme considers the impact of exploited vulnerabilities on the real world. In the meantime, a Bayesian network vulnerability classification model based on the $\text{CVSS}_{\text{CAV}}$ method is designed to resolve the problem that the CAVs' vulnerability dataset is small and incomplete. The case study as well as simulation results with different datasets or algorithms indicate that our proposal is effective for vehicle vulnerability evaluation.

computer science, information systems,telecommunications,engineering, electrical & electronic,operations research & management science

Angel Longueira-Romero,Jose Luis Flores,Rosa Iglesias,Iñaki Garitano

2023-10-03

Abstract:Security metrics are not standardized, but inter-national proposals such as the Common Vulnerability ScoringSystem (CVSS) for quantifying the severity of known vulnerabil-ities are widely used. Many CVSS aggregation mechanisms havebeen proposed in the literature. Nevertheless, factors related tothe context of the System Under Test (SUT) are not taken intoaccount in the aggregation process; vulnerabilities that in theoryaffect the SUT, but are not exploitable in reality. We propose aCVSS aggregation algorithm that integrates information aboutthe functionality disruption of the SUT, exploitation difficulty,existence of exploits, and the context where the SUT operates.The aggregation algorithm was applied to OpenPLC V3, showingthat it is capable of filtering out vulnerabilities that cannot beexploited in the real conditions of deployment of the particularsystem. Finally, because of the nature of the proposed algorithm,the result can be interpreted in the same way as a normal CVSS.

Cryptography and Security,Software Engineering

Yong-Zheng Zhang,Xiao-Chun Yun,Bin-Xing Fang,Tao Zhang

2005-01-01

Abstract:With the development of computer software system, computer vulnerabilities are continually increasing. These vulnerabilities have severe impacts on confidentiality, authenticity and availability of computer system and network. In the field of host system vulnerability assessment, the traditional method is only to consider the threats of isolated vulnerability to software systems. However, through analyzing multistage attacks and vulnerabilities on Internet, we find that attackers often synthetically exploit several correlative vulnerabilities to badly compromise the systems. Therefore, study on vulnerability correlation is important for improving the accuracy and validity of security assessment. This paper firstly gives the definition, expression and significance of vulnerability correlation. Then a mining method for vulnerability correlation is proposed. Finally, an experiment is conducted to verify the efficiency of the new approach.

Sarah Elder,Rayhanur Rahman,Gage Fringer,Kunal Kapoor,Laurie Williams

DOI: https://doi.org/10.1145/3648610

IF: 16.6

2024-03-20

ACM Computing Surveys

Abstract:Knowing the exploitability and severity of software vulnerabilities helps practitioners prioritize vulnerability mitigation efforts. Researchers have proposed and evaluated many different exploitability assessment methods. The goal of this research is to assist practitioners and researchers in understanding existing methods for assessing vulnerability exploitability through a survey of exploitability assessment literature. We identify three exploitability assessment approaches: assessments based on original, manual CVSS, automated Deterministic assessments, and automated Probabilistic assessments. Other than the original CVSS, the two most common subcategories are Deterministic, Program-State-Based, and Probabilistic Learning Model (LM) Assessments.

computer science, theory & methods

Chanchala Joshi,U. Singh

Abstract:The evaluation of network risk is a vital task. It is an essential step in securing any network. This evaluation can help security professionals in making optimal decisions about how to design security countermeasures in order to improve security. This paper proposes a risk estimation model that uses vulnerability database National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) and the Common Vulnerability Scoring System (CVSS). The CVSS Risk Level Estimation Model estimates a security risk level from vulnerability information as a combination of period of exploitation and frequency of occurrence to estimates the impact derived from the CVSS. Proposed model provides quantitative security metrics that produces rapid and consistent security measurement which helps in automated and reasonable security management.

Computer Science,Engineering

Maciej Roman Nowak,Michał Walkowski,Sławomir Sujecki

DOI: https://doi.org/10.3390/s23041802

IF: 3.9

2023-02-07

Sensors

Abstract:COVID-19 forced a number of changes in many areas of life, which resulted in an increase in human activity in cyberspace. Furthermore, the number of cyberattacks has increased. In such circumstances, detection, accurate prioritisation, and timely removal of critical vulnerabilities is of key importance for ensuring the security of various organisations. One of the most-commonly used vulnerability assessment standards is the Common Vulnerability Scoring System (CVSS), which allows for assessing the degree of vulnerability criticality on a scale from 0 to 10. Unfortunately, not all detected vulnerabilities have defined CVSS base scores, or if they do, they are not always expressed using the latest standard (CVSS 3.x). In this work, we propose using machine learning algorithms to convert the CVSS vector from Version 2.0 to 3.x. We discuss in detail the individual steps of the conversion procedure, starting from data acquisition using vulnerability databases and Natural Language Processing (NLP) algorithms, to the vector mapping process based on the optimisation of ML algorithm parameters, and finally, the application of machine learning to calculate the CVSS 3.x vector components. The calculated example results showed the effectiveness of the proposed method for the conversion of the CVSS 2.0 vector to the CVSS 3.x standard.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Rongrong Xi,Xiaochun Yun,Yongzheng Zhang

DOI: https://doi.org/10.3772/j.issn.1002-0470.2014.01.002

2014-01-01

Abstract:The distribution of CVSS (common vulnerability scoring system) environmental scores is using statistical analysis. Two conclusions are obtained: first, for any given vulnerability, there is a Mode in its CVSS environmental scores set; Second, the relationship between the maximum variation of environmental scores and the base score satisfies statistical functions. Three vulnerabilities are extracted from NVD to verify these conclusions. The results show that there is a Mode in environmental scores, and the relationship between the maximum variation of environmental scores and the base score satisfies the function proposed in this paper.

Assane Gueye,Peter Mell

DOI: https://doi.org/10.48550/arXiv.2102.01722

2021-02-02

Cryptography and Security

Abstract:Understanding the landscape of software vulnerabilities is key for developing effective security solutions. Fortunately, the evaluation of vulnerability databases that use a framework for communicating vulnerability attributes and their severity scores, such as the Common Vulnerability Scoring System (CVSS), can help shed light on the nature of publicly published vulnerabilities. In this paper, we characterize the software vulnerability landscape by performing a historical and statistical analysis of CVSS vulnerability metrics over the period of 2005 to 2019 through using data from the National Vulnerability Database. We conduct three studies analyzing the following: the distribution of CVSS scores (both empirical and theoretical), the distribution of CVSS metric values and how vulnerability characteristics change over time, and the relative rankings of the most frequent metric value over time. Our resulting analysis shows that the vulnerability threat landscape has been dominated by only a few vulnerability types and has changed little during the time period of the study. The overwhelming majority of vulnerabilities are exploitable over the network. The complexity to successfully exploit these vulnerabilities is dominantly low; very little authentication to the target victim is necessary for a successful attack. And most of the flaws require very limited interaction with users. However on the positive side, the damage of these vulnerabilities is mostly confined within the security scope of the impacted components. A discussion of lessons that could be learned from this analysis is presented.

Qiuyuan Chen,Lingfeng Bao,Li Li,Xin Xia,Liang Cai

DOI: https://doi.org/10.1109/APSEC.2018.00049

2018-01-01

Abstract:To share vulnerability information across separate databases, tools, and services, newly identified vulnerabilities are recurrently reported to Common Vulnerabilities and Exposures (CVE) database.Unfortunately, not all vulnerability reports will be accepted. Some of them might get rejected or be accepted with disputations.In this work, we refer to those rejected or disputed CVEs as invalid vulnerability reports. Invalid vulnerability reports not only cause unnecessary efforts to confirm the vulnerability but also impact the reputation of the software vendors. In this paper, we aim to understand the root causes of invalid vulnerability reports and build a prediction model to automatically identify them.To this end, we first leverage card sorting to categorize invalid vulnerability reports, from which six main reasons are observed for rejected and disputed CVEs, respectively.Then, we propose a text mining approach to predict the invalid vulnerability reports. Our experiments reveal that the proposed text mining approach can achieve an AUC score of 0.87 for predicting invalid vulnerabilities. We also discuss the implications of our study: our categorization can be used to guide new committer to avoid these traps; some root causes of invalid CVEs can be avoided by using automatic techniques or optimizing reviewing mechanism; invalid vulnerability reports data should not be neglected.

Yu Liu,Feng Han,Jianguo Wang,Hongxin Qi

DOI: https://doi.org/10.1109/temc.2018.2823870

IF: 2.036

2018-01-01

IEEE Transactions on Electromagnetic Compatibility

Abstract:A method based on the Bayesian approach is proposed in this paper to assess the vulnerability of a multistate component when the available experimental data are insufficient. According to the proposed definition of hierarchical vulnerability distributions, each state probability function of components is represented by adjacent level distributions, and the restriction of vulnerability distributions is analyzed. Depending on the credibility interval of the parameters of vulnerability distributions, the joint prior probability density functions (PDFs) of these parameters can be obtained in different scenarios. Therefore, the joint posterior PDF of these parameters can be obtained by combining the joint prior PDF and the likelihood function based on a Bayesian formula. Then, the posterior probability function of each state can be obtained by the proposed method. In realistic situations, the estimation of the state probability functions will be more practical than single estimation of the state probability under a specific threat level of intentional electromagnetic interference (IEMI). The specific process of the method is presented, while the hierarchical vulnerability distributions are represented by lognormal cumulative distribution functions. Finally, a case study demonstrates the effectiveness of the proposed method.

Hui Lu,Xun Huang,Xiang Yu,Rufeng Liang,Man Zhang,Chengcong Zheng,Junhan Chen,Zhihong Tian

DOI: https://doi.org/10.1109/CloudNet59005.2023.10490046

2023-11-01

Abstract:As networks continue to expand in scale and complexity, the frequency and severity of network attacks are rapidly increasing. Regular penetration testing is essential to enhance cybersecurity defense. However, manual testing lacks the intelligence necessary for effective assessments. Breach and Attack Simulation (BAS) represents an advanced penetration method for automated evaluation of security situations. Current methodologies primarily focus on individual vulnerabilities or attack behaviors, which exhibit weaknesses in correlation and granularity, and do not adapt well to real-world scenarios. To improve the accuracy and efficacy of BAS, it is imperative to integrate vulnerability correlation, multi-step attacks, and exploit chains. The paper is divided into three sections, providing a comprehensive exposition on vulnerability association. It summarizes the implementation principles of various methods and offers recommendations concerning current research advancements and future research directions.

Engineering,Computer Science

Yu Liu,Peibing Du,Feng Han,Libing Cai,Hongxin Qi,Hongfu Xia,Jianguo Wang

DOI: https://doi.org/10.1109/temc.2022.3169820

IF: 2.036

2022-01-01

IEEE Transactions on Electromagnetic Compatibility

Abstract:A Bayesian approach based on the vulnerability distribution is proposed to estimate the confidence limits of the state probability and the threat level of multistate electronic systems interfered by intentional electromagnetic interference (IEMI). The vulnerability distribution is used to describe the state probability function of the multi-state system (MSS) for a given IEMI threat level. When a small number of test samples are under a specific threat level and prior MSS information is known, the posterior estimation of the state probability function can be obtained based on Bayesian theory. Furthermore, to effectively apply the state probability function to assess the vulnerability of the MSS, the uncertainty of the state probability function is discussed. Considering state probabilities under the same threat level as random variables, all these state probabilities also follow the Dirichlet distribution. Thus, the confidence limits of the posteriori state probability and the threat level can be inferred by the marginal distribution of the state probability, which is induced by combining the Dirichlet and vulnerability distributions. Finally, a case study is given to demonstrate the details of the calculation process of the vulnerability distribution, the state probability function, and the confidence limits under a lognormal distribution.