Augmenting MulVAL with automated extraction of vulnerabilities descriptions

摘要

Network attack graphs are a type of analysis tool that can be used to determine the impact that security vulnerabilities have on the network. It is important, then, for attack graphs to be able to represent enough information to aid this analysis. Moreover, they must be able to handle and integrate new vulnerabilities that are being discovered by the security community. We developed a prototype tool that can parse vulnerability descriptions, as provided in the CVE, to retrieve relevant information for generating interaction rules that can be incorporated into an attack graph generation software. The tool is able to parse correctly about 88.15% of sampled CVEs. Such a tool allows for the attack graphs generated to be up-to-date with any recently discovered vulnerabilities. Furthermore, the additional information provided by the generated rules enable more information to be used and represented in attack graphs in a simpler fashion, facilitating smoother analyses.