Vulnerability Ranking Based on Exploitation and Defense Graph
Network security analysis based on attack graphs has been applied extensively in recent years. The ranking of nodes in an attack graph is an important step towards analyzing network security, which can distill the overwhelming amount of information into a list of priorities that will help network administrators to efficiently utilize scarce resources. In this paper, we propose a new methodology called DBRank for ranking vulnerabilities to patch in computing networks. DBRank prioritizes vulnerabilities based on the diffusibility and benefit of vulnerability exploitation. Different from other approaches, DBRank takes into account the network topology and exploitation benefit in calculating their relative risk and priority. The experiments yielded promising results that this method can be used in hardening network security.
Exploitation and Defense Graph Vulnerability Ranking Security Metric
Xia Yang Song Shunhong Lu Yuliang
Department of Network Engineering Electronic Engineering Institute Hefei,230037,China
国际会议
昆明
英文
163-167
2010-10-17(万方平台首次上网日期,不代表论文的发表时间)