Abstract
Computing a prioritized set of vulnerabilities to patch is important for system administrators to determine the order of vulnerabilities to be patched that are more critical to the network security. One way to assess and analyze security to find vulnerabilities to be patched is to use attack representation models (ARMs). However, security solutions using ARMs are optimized for only the current state of the networked system. Therefore, the ARM must reanalyze the network security, causing multiple iterations of the same task to obtain the prioritized set of vulnerabilities to patch. To address this problem, we propose to use importance measures to rank network hosts and vulnerabilities, then combine these measures to prioritize the order of vulnerabilities to be patched. We show that nearly equivalent prioritized set of vulnerabilities can be computed in comparison to an exhaustive search method in various network scenarios, while the performance of computing the set is dramatically improved, while equivalent solutions are computed in various network scenarios.
Original language | English |
---|---|
Title of host publication | Proceedings of the International Conference on Dependable Systems and Networks |
Place of Publication | United States |
Publisher | IEEE, Institute of Electrical and Electronics Engineers |
Pages | 684-689 |
Number of pages | 6 |
ISBN (Electronic) | 9781479922338 |
DOIs | |
Publication status | Published - 18 Sep 2014 |
Externally published | Yes |
Event | 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2014 - Atlanta, United States Duration: 23 Jun 2014 → 26 Jun 2014 |
Conference
Conference | 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2014 |
---|---|
Country/Territory | United States |
City | Atlanta |
Period | 23/06/14 → 26/06/14 |