首页> 外文会议> >Zero-Day Vulnerability Risk Assessment and Attack Path Analysis Using Security Metric

【24h】

Zero-Day Vulnerability Risk Assessment and Attack Path Analysis Using Security Metric

机译：零日漏洞风险评估和使用安全指标的攻击路径分析

获取原文

页面导航

摘要
著录项
相似文献
相关主题

摘要

Zero-day vulnerability has been considered one of the most serious threats to network security at present. Current researches on zero-day vulnerability risk assessment are mainly focused on the number of necessary zero-day vulnerabilities for attack to exploit to reach the target. However, in practice, it is difficult to realize risk assessment of single zero-day vulnerability by existing methods. In this paper, a zero-day vulnerability and attack path risk assessment method is proposed for internal network. Four kinds of security metrics and a zero-day vulnerability discovery and zero-day attack graph generation algorithm are designed. By contrasting the preconditions with postconditions of known vulnerabilities, attack complexity and impact of zero-day vulnerabilities in various contexts are analyzed. Experimental results show that the proposed method can quantitatively assess risk of single zero-day vulnerability and attack path from multiple dimensionalities.

机译：零日漏洞被认为是当前对网络安全的最严重威胁之一。当前对零时差漏洞风险评估的研究主要集中在攻击所需的零时差漏洞数量上，以进行攻击以达到目标。但是，在实践中，难以通过现有方法对单个零日漏洞进行风险评估。本文提出了一种针对内部网络的零日漏洞和攻击路径风险评估方法。设计了四种安全指标以及零日漏洞发现和零日攻击图生成算法。通过将已知漏洞的先决条件与后置条件进行对比，分析了各种情况下的攻击复杂性和零日漏洞的影响。实验结果表明，该方法可以从多个维度定量评估单个零日漏洞和攻击路径的风险。

著录项

来源
《》|2019年|266-278|共13页
会议地点
作者
Ziwei Ye; Yuanbo Guo; Ankang Ju;
展开▼
作者单位

展开▼
会议组织
原文格式 PDF
正文语种
中图分类
关键词
Zero-day vulnerability; Security metric; Attack graph; Attack path; Risk assessment;

机译：零日漏洞;安全指标;攻击图;攻击路径;风险评估;

相似文献

外文文献
中文文献
专利

1. Network Diversity: A Security Metric for Evaluating the Resilience of Networks Against Zero-Day Attacks [J] . Mengyuan Zhang, Lingyu Wang, Sushil Jajodia, IEEE transactions on information forensics and security . 2016,第5期

机译：网络多样性：评估网络抵御零日攻击的弹性的安全指标
2. An Enhanced Framework for Identification and Risks Assessment of Zero-Day Vulnerabilities [J] . Chanchala Joshi, Umesh Kumar Singh, Dimitris Kanellopoulos International Journal of Applied Engineering Research . 2018,第12aPta5期

机译：一种增强的识别和风险评估零级漏洞的框架
3. Siemens and TUV SUD join forces against cyber threats: Siemens and TUV SUD have come together to address the growing risk of cyberattacks on critical infrastructure by collaborating to provide digital safety and security assessments, as well as industrial vulnerability assessments to help global energy players identify asset risk and cybersecurity solutions [J] . Mark Tisshaw Modern Power Systems: Communicating Power Technology Worldwide . 2019,第5期

机译：西门子和TUV SUD加入Cyber威胁：西门子和TUV SUD通过合作提供数字安全和安全评估，以及帮助全球能源球员识别资产的工业脆弱性评估，以促进跨国基础设施的越来越危险的网络角落的风险。风险和网络安全解决方案
4. Zero-Day Vulnerability Risk Assessment and Attack Path Analysis Using Security Metric [C] . Ziwei Ye, Yuanbo Guo, Ankang Ju International Conference on Artificial Intelligence and Security . 2019

机译：零天漏洞风险评估和使用安全指标的攻击路径分析
5. Cybersecurity: Zero-Day Vulnerabilities and Attack Vectors [D] . Williams, Thomas Lloyd. 2021

机译：网络安全：零天漏洞和攻击向量
6. Quantitative risk analysis using vulnerability indicators to assess food insecurity in the Niayes agricultural region of West Senegal [O] . Mateugue Diack, Macoumba Loum, Cheikh T. Diop, 2017

机译：使用脆弱性指标进行定量风险分析以评估西塞内加尔尼亚耶斯农业地区的粮食不安全状况
7. Stochastic Counterfactual Risk Analysis for the Vulnerability Assessment of Cyber‐Physical Attacks on Electricity Distribution Infrastructure Networks [O] . Edward J. Oughton, Daniel Ralph, Raghav Pant, 2019

机译：电力分配基础设施网络网络物理攻击脆弱性评估随机反应性风险分析
8. Risk Assessment and LAVA's (Los Alamos Vulnerability and Risk Assessment) Dynamic Threat Analysis. [R] . Smith, S. T. 1989

机译：风险评估和LaVa（洛斯阿拉莫斯漏洞和风险评估）动态威胁分析。

Zero-Day Vulnerability Risk Assessment and Attack Path Analysis Using Security Metric

摘要

著录项

相似文献

相关主题

期刊订阅