Abstract-In order to quantify the risk of security vulnerabilities, a vulnerability risk assessment methodology based on connectivity operators is proposed, and the relationship between vulnerabilities is quantitatively analyzed on the vulnerability attack graph. Two kinds of connectivity operator are proposed to calculate the connectivity between vulnerabilities, achieving a quantitative analysis of a vulnerability's self risk and spread risk. On this basis the risk assessment algorithm VREA-CO is raised, assessing the overall risk of the system. The vulnerability assessment results can help managers identify key vulnerabilities and improve safety management efficiency. Example analysis shows that the method is feasible and effective.

Keywords-vulnerability risk; risk assessment; connectivity operator; vulnerability attack graph; self risk; spread risk

I. INTRODUCTION

The risk matrix is a mathematical tool to describe the vulnerability relationships of a network system based on the adjacency matrix [1]. In [2], the author proposed a risk adjacency matrix method based on the attack graph, and the rationality and validity of the mentioned methods are verified by experiment. In [3], the author constructed an attack path vulnerability matrix whose rows represent the vulnerabilities of the attacking host and whose columns represent the vulnerabilities of the next attacked host, but the matrix element is 1 or 0, only …

… network attack graph, the effective integration of the correlation between vulnerabilities can make a scientific assessment of the cost of the attack. In [7], the author proposed an expanded network attack graph generation method, and a network attack strategy generation algorithm based on the expanded network attack graph.

In this paper, for the problem of quantitative assessment of information system security vulnerabilities, the connectivity and the value of a vulnerability are defined, together with a quantitative analysis method that uses the effect of, and the interaction between, vulnerability attack graphs and security vulnerabilities. On this basis, we achieve a quantitative calculation of the connectivity of vulnerabilities by designing two kinds of connectivity operators, and propose the Vulnerability Risk Evaluation Algorithm based on Connectivity Operator (VREA-CO). By assessing the self risk and the transmission risk of the information system's security vulnerabilities accurately and completely, it is possible to identify the degree of risk of the vulnerabilities for security personnel, and to provide effective help for carrying out security defense.

II. VULNERABILITY CONNECTIVITY AND VALUE

Vulnerability connectivity represents the possibility of an attacker exploiting one vulnerability to attack another. This paper refers to the CVSS vulnerability evaluation methods, which … $P_{ij} = \dots$ [the formula for $P_{ij}$ in terms of the CVSS metrics AU, AC and AV is not recoverable from the page], where $P_{ij} \in (0,1)$. Host connectivity …

The Attack Graph uses the vulnerability node N as the figure node and the attack path as the directed edge, so it is a directed graph $AG = \{N, L\}$, where $N = (n_1, n_2, \dots, n_v)$ is the node set; it represents …

… the confidentiality, integrity and availability of the vulnerability, which are described by CI, II and AI in CVSS respectively, as shown in Fig. 2. We can evaluate the value of a vulnerability by the three properties CI, …

[Figure: Payoffs of attacker and defender (attack strategy, system asset).]

[Figure 2. Impact metrics (Confidentiality, Integrity, Availability) and vulnerability value.]

… connectivity which has a direct relation between two nodes. VAG and M have the following characteristics:
(1) VAG corresponds with the adjacency matrix M;
(2) In the adjacency matrix M, if there are elements of
zero, … v is the number of vulnerabilities, and $P_{ij}$ is the connectivity between vulnerabilities.

IV. CONNECTIVITY OPERATOR

A. Comprehensive Connectivity

In [6], the authors proposed a multi-step method for calculating the risk of adjacent matrix elements, whose result evaluates the maximum possible loss between two nodes. This paper analyzes node connectivity and node loss independently, as two independent factors to assess vulnerability risk. On the basis of the definition of adjacent node connectivity, we can get the comprehensive connectivity between any two nodes in the VAG, and the calculation method is described in the example shown in Fig. 4.

[Figure 4. Multi-path node connectivity analysis.]

As shown in Fig. 4, there are three paths between node 1 and node 5. The three-step connectivity of node 1 to node 5 by probability calculation is $p^{(3)}_{15} = p_{12}\,p_{23}\,p_{35}$, and the connectivity for the two-step path is $p^{(2)}_{15} = p_{14}\,p_{45}$. Considering that there is also a one-step connectivity between the two nodes, the comprehensive connectivity between node 1 and node 5 is

$\rho_{15} = 1 - (1 - p_{15})\,(1 - p^{(2)}_{15})\,(1 - p^{(3)}_{15})$.

B. Connectivity Operator

Definition 6 Connectivity Operator. On the basis of …, define the connectivity operator of risk matrix operations, $M_\rho = \bigoplus_{r=1}^{n} M^{(r)}$.

The biggest drawback of the single-step risk matrix is that it can only represent neighboring connectivity between two nodes, but cannot represent the connectivity between vulnerabilities that need a multi-step attack in the attack graph. If the risk matrix element represents the possibility of several successive penetration attacks along a path in the figure, we call it a multi-step risk matrix. According to the significance of the risk matrix elements, $P_{ij}$ represents the connectivity of a directed using relationship between node $n_i$ and node $n_j$. Therefore, the two-step risk matrix can be calculated as follows:

$M^{(2)} = M \otimes M = \begin{bmatrix} p^{(2)}_{11} & p^{(2)}_{12} & \cdots & p^{(2)}_{1v} \\ p^{(2)}_{21} & p^{(2)}_{22} & \cdots & p^{(2)}_{2v} \\ \vdots & \vdots & \ddots & \vdots \\ p^{(2)}_{v1} & p^{(2)}_{v2} & \cdots & p^{(2)}_{vv} \end{bmatrix}$,

where $p^{(2)}_{ij}$ represents the two-step connectivity between node i and node j. In the two-step risk matrix, $p^{(2)}_{ij}$ is calculated as follows:

$p^{(2)}_{ij} = 1 - \prod_{k=1}^{v} \left(1 - p_{ik}\,p_{kj}\right)$.

To sum up, the meaning of the elements in $M^{(r)}$ is the r-step connectivity between any two nodes that are r steps apart. If n is the greatest step in the VAG, then the elements in $M^{(n)}$ represent the n-step connectivity between any two nodes.

V. VULNERABILITY RISK ASSESSMENT BASED ON CONNECTIVITY OPERATOR

A. Self Risk Assessment

Through the definition of the vulnerabilities' self risk and spreading risk, we can evaluate the global risk of the … include the self risk $R_s$ and the spreading risk $R_o$ of the … associated factors are the vulnerability connectivity and the effect value of the vulnerabilities. The vulnerability global risk is the sum of both risks: $R_w = R_s + R_o$. The sum of all risks which may spread to node k is
the node self risk:

$R_s(k) = \sum_{l=1}^{v} R_s(l,k) = \sum_{l=1}^{v} \rho_{lk}\,\mu(k)$.

Then the self risk vector of the information system vulnerability nodes is $V(R_s) = [R_s(1)\ R_s(2)\ \cdots\ R_s(v)]$.

… which r is the step number of the risk matrix. Let $M_\rho = M \oplus M^{(2)} \oplus \cdots \oplus M^{(n)}$, where n denotes the maximum step size, and we can obtain the comprehensive connectivity risk matrix in the VAG:

$M_\rho = \begin{bmatrix} \rho_{11} & \rho_{12} & \cdots & \rho_{1v} \\ \vdots & \vdots & \ddots & \vdots \\ \rho_{v1} & \rho_{v2} & \cdots & \rho_{vv} \end{bmatrix}$,

where the matrix element $\rho_{ij}$ represents the comprehensive connectivity between node i and node j. If the nodes which the paths pass through overlap, that is, two … different paths independently in parallel.

An attacker may penetrate along the using relationship between vulnerabilities, so the vulnerability spread risk represents the attacker spreading from the penetrated vulnerability to other vulnerabilities. This paper attempts to exploit the risk matrix to … where v is the number of vulnerabilities and $\mu(k)$ denotes the value of vulnerability k; the spread risk vector of vulnerability k is:

$V(R_o) = M_\rho U = \begin{bmatrix} \rho_{11} & \rho_{12} & \cdots & \rho_{1v} \\ \rho_{21} & \rho_{22} & \cdots & \rho_{2v} \\ \vdots & \vdots & \ddots & \vdots \\ \rho_{v1} & \rho_{v2} & \cdots & \rho_{vv} \end{bmatrix} \begin{bmatrix} \mu(1) \\ \mu(2) \\ \vdots \\ \mu(v) \end{bmatrix} = \begin{bmatrix} R_o(1) \\ R_o(2) \\ \vdots \\ R_o(v) \end{bmatrix}$,

where the element $R_o(k)$ of the spread risk vector represents the spread risk caused by vulnerability k for …

The global risk vector for the system of vulnerabilities is:

$V(R_w) = V(R_s) + V(R_o) = \begin{bmatrix} R_s(1) \\ R_s(2) \\ \vdots \\ R_s(v) \end{bmatrix} + \begin{bmatrix} R_o(1) \\ R_o(2) \\ \vdots \\ R_o(v) \end{bmatrix} = \begin{bmatrix} R_w(1) \\ R_w(2) \\ \vdots \\ R_w(v) \end{bmatrix}$.

Input: … of vulnerabilities v;
Output: vulnerability global risk vector $V(R_w)$;
VI. Algorithm description:
VII. Initialization parameters: $M[i][j] = P_{ij}$; $M_\rho[i][j] = 0$;
VIII. For (i = 1; i <= n; i = i + 1)
IX.     $M^{(i)} = M^{(i-1)} \otimes M$;
X.      $M_\rho = M_\rho \oplus M^{(i)}$;
XI. End For
XII. For (k = 1; k <= v; k = k + 1)
XIII.   For (l = 1; l <= v; l = l + 1)
XIV.    …
XV.     $R_s(k) = R_s(k) + R_s(l, k)$
XVI.    …
XVII.   $R_o(k) = R_o(k) + R_o(k, l)$
XVIII.  End For
XIX.    $R_w(k) = R_s(k) + R_o(k)$
XX. End For
XXI. Output $V(R_w) = [R_w(1)\ R_w(2)\ \cdots\ R_w(v)]$
XXII. END

To illustrate the application of the vulnerability analysis algorithm in practice, we can scan the vulnerabilities of a network. According to the scanning results of Nessus we can obtain the host port and vulnerability information. Assuming that there are five major network vulnerabilities, we extract information from the vulnerability databases NVD and Bugtraq to obtain the exploit mode of each vulnerability. We evaluate the vulnerabilities by referring to the CVSS scoring criteria, and the property values of the vulnerabilities and directed edges are as shown in Table I and Table II below.

TABLE I (Impact Metrics: AvailImpact, ConfImpact, IntegImpact)
VID   CVEID   Description     AvailImpact   ConfImpact   IntegImpact   Value
n4    6439    Weak Password   0             0.275        0.660         0.312

TABLE II
EID   Access Complexity   Authentication   Access Vector   Connectivity

According to the vulnerability and directed edge values, we can calculate the connectivity between vulnerabilities and the vulnerability value, and the NetSPA system developed by MIT generates the VAG shown in Figure 5.

[Figure 5. Vulnerability attack graph (legible labels: $P_{45} = 0.55$, $P_{?4} = 0.43$, $P_{13} = 0.47$, $P_{?1} = 0.43$; node n3, 4855, 0.403).]

… the corresponding assets are the network firewall and the DB Server; the former is the database server and the latter is the import and export portal for the network.

XXIV. CONCLUSION

To assess the risk caused by network system security vulnerabilities, the paper proposes a risk assessment method based on the connectivity operator, which includes the VAG, the connectivity operator and the vulnerability risk assessment algorithm. The risk assessment person can make a quantitative analysis of the network system based on the using relationship of the vulnerability attack graph with this …
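The two connectivity operators of Section IV and the VREA-CO steps of Section V, run on the Fig. 4 graph, as an added example written for this page (not the paper's code). The edge probabilities, the step bound n = 3 and the values μ(k) are constructed, and R_s(l,k) = ρ_lk·μ(k), R_o(k,l) = ρ_kl·μ(l) is this example's reading of the page's vector formulas V(R_s) and V(R_o) = M_ρ U.

```python
import math
# Constructed Fig. 4 graph, nodes 1..5 stored 0-based: edges 1->2, 2->3, 3->5,
# 1->4, 4->5 and the direct edge 1->5. All probabilities are made up.
FIG4_M = [
    [0.0, 0.8, 0.0, 0.7, 0.2],
    [0.0, 0.0, 0.6, 0.0, 0.0],
    [0.0, 0.0, 0.0, 0.0, 0.5],
    [0.0, 0.0, 0.0, 0.0, 0.9],
    [0.0, 0.0, 0.0, 0.0, 0.0],
]
FIG4_MU = [0.4, 0.3, 0.5, 0.2, 0.6]  # constructed vulnerability values mu(k)
FIG4_N = 3                           # longest path in the graph: 1->2->3->5

def step_compose(a, b):
    """Operator (x): c_ij = 1 - prod_k (1 - a_ik * b_kj), so that
    M^(r) = M^(r-1) (x) M holds the r-step connectivity of every node pair."""
    v = len(a)
    return [[1.0 - math.prod(1.0 - a[i][k] * b[k][j] for k in range(v))
             for j in range(v)] for i in range(v)]

def parallel_combine(a, b):
    """Operator (+): rho_ij = 1 - (1 - a_ij)(1 - b_ij), merging paths of
    different lengths between the same two nodes (the Fig. 4 rule)."""
    v = len(a)
    return [[1.0 - (1.0 - a[i][j]) * (1.0 - b[i][j]) for j in range(v)]
            for i in range(v)]

def comprehensive_matrix(m, n):
    """M_rho = M (+) M^(2) (+) ... (+) M^(n), steps VIII-XI of VREA-CO."""
    m_r, m_rho = m, [[0.0] * len(m) for _ in m]
    for _ in range(n):
        m_rho = parallel_combine(m_rho, m_r)  # M_rho = M_rho (+) M(i)
        m_r = step_compose(m_r, m)            # M(i+1) = M(i) (x) M
    return m_rho

def vrea_co(m, mu, n):
    """Steps XII-XXI. Self risk R_s(k) = sum_l rho_lk * mu(k) (risk reaching k),
    spread risk R_o(k) = sum_l rho_kl * mu(l) (row k of M_rho times U),
    global risk R_w = R_s + R_o. Returns (M_rho, R_s, R_o, R_w)."""
    v = len(m)
    m_rho = comprehensive_matrix(m, n)
    r_s = [mu[k] * sum(m_rho[l][k] for l in range(v)) for k in range(v)]
    r_o = [sum(m_rho[k][l] * mu[l] for l in range(v)) for k in range(v)]
    return m_rho, r_s, r_o, [s + o for s, o in zip(r_s, r_o)]

if __name__ == "__main__":
    rho, r_s, r_o, r_w = vrea_co(FIG4_M, FIG4_MU, FIG4_N)
    print("rho_15 =", round(rho[0][4], 5))  # 0.77504, matching the Fig. 4 formula
    for k, (s, o, w) in enumerate(zip(r_s, r_o, r_w), start=1):
        print(f"node {k}: R_s={s:.4f}  R_o={o:.4f}  R_w={w:.4f}")
```

Node 5 (the sink) collects the largest self risk and node 1 (the entry point) the largest spread risk, which is the ranking the paper intends managers to read off V(R_w).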
REFERENCES

[4] CHEN Feng, ZHANG Yi, et al. Research of Quantitative …