Network Exploration and Vulnerability Assessment Using a Combined 'Blackbox' and 'Whitebox' Analysis Approach

摘要

The increased reliance on advanced networking technologies to integrate cutting-edge capabilities has posed tremendous challenges in assuring user legitimacy and preserving the integrity of our network landscape. Without proper network accountability and holistic vulnerability assessment, insider threats can exploit the security vulnerabilities that result from creating an integrated system-of-systems. To detect security illegitimacies, such as unauthorized connections, network security administrators need to have a comprehensive network map to identify potential entry points. This thesis proposes a systematic way to combine 'black-box' and 'white-box' analysis for network exploration and vulnerability assessment. In the analytical model design, a modular approach is adopted to select tools and techniques from both analysis approaches. These tools and techniques are used to construct a network map based on a pre-defined set of criteria that define the type of essential network information to be annotated on the map. The 'black-box' and 'white-box' analysis approaches were found to be complementary. For example, 'black-box' analysis was able to map active hosts and networking devices, but 'white-box' analysis was able to detect those that are inactive or do not respond to pings. Moreover, 'black-box' analysis provides a focal point for 'white-box' analysis approach to derive in-depth information regarding unauthorized connections.