Analysis security metric on bro IPS based on CVSS and vea-bility metric

2017 International Conference on Control, Electronics, Renewable Energy and Communications (ICCREC) Pub Date : 2017-09-01 DOI:10.1109/ICCEREC.2017.8226685

I. M. D. Suryadinata, S. M. Nasution, Marisa W. Paryasto

{"title":"Analysis security metric on bro IPS based on CVSS and vea-bility metric","authors":"I. M. D. Suryadinata, S. M. Nasution, Marisa W. Paryasto","doi":"10.1109/ICCEREC.2017.8226685","DOIUrl":null,"url":null,"abstract":"Server security is necessary to avoid all attack that will happen. IPS (Intrusion Prevention System) is an example of right solution for the security system. IPS can prevent an attack by using the IDS (Intrusion Detection System) and firewall features. In this paper, bro IPS on the server will be tested with some attack include DOS (Denial of Service), port scanning, and ftp brute force to ensure the IPS works well. These attack will conclude the point of security metric and we can calculate it using CVSS and VEA-bility metric with three different topologies which the value of that metric will determine how secure a system owned by a range of value 0 to 10 based on calculation involving the value of vulnerability dimension, exploitability dimension and attackability dimension. In this experiment we got 3.07 score from non-firewall topology, 5.97 score from separated server topology, and 6.8 score from separated server and firewall topology. Meanwhile we got 1.83 score for DOS attack, 0.267 score for port scanning attack and 4.27 for FTP brute force attack for CVSS value.","PeriodicalId":328054,"journal":{"name":"2017 International Conference on Control, Electronics, Renewable Energy and Communications (ICCREC)","volume":"10 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 International Conference on Control, Electronics, Renewable Energy and Communications (ICCREC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICCEREC.2017.8226685","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

Server security is necessary to avoid all attack that will happen. IPS (Intrusion Prevention System) is an example of right solution for the security system. IPS can prevent an attack by using the IDS (Intrusion Detection System) and firewall features. In this paper, bro IPS on the server will be tested with some attack include DOS (Denial of Service), port scanning, and ftp brute force to ensure the IPS works well. These attack will conclude the point of security metric and we can calculate it using CVSS and VEA-bility metric with three different topologies which the value of that metric will determine how secure a system owned by a range of value 0 to 10 based on calculation involving the value of vulnerability dimension, exploitability dimension and attackability dimension. In this experiment we got 3.07 score from non-firewall topology, 5.97 score from separated server topology, and 6.8 score from separated server and firewall topology. Meanwhile we got 1.83 score for DOS attack, 0.267 score for port scanning attack and 4.27 for FTP brute force attack for CVSS value.

查看原文本刊更多论文

分析了基于CVSS和可靠性度量的兄弟入侵防御系统的安全度量

服务器安全对于避免所有可能发生的攻击是必要的。入侵防御系统(IPS, Intrusion Prevention System)是安全系统解决方案的一个例子。IPS可以利用入侵检测系统(IDS)和防火墙的特性来防御攻击。本文将对服务器上的兄弟IPS进行测试，包括DOS(拒绝服务)攻击，端口扫描和ftp暴力破解，以确保IPS正常工作。这些攻击将总结安全度量的点，我们可以使用CVSS和vea - ability度量与三种不同的拓扑来计算它，该度量的值将根据涉及漏洞维度，可利用性维度和可攻击性维度的值的计算，确定由值0到10的范围内拥有的系统的安全性。在本实验中，非防火墙拓扑的得分为3.07分，分离服务器拓扑的得分为5.97分，分离服务器和防火墙拓扑的得分为6.8分。同时，我们的DOS攻击得分为1.83分，端口扫描攻击得分为0.267分，FTP暴力攻击得分为4.27分。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2017 International Conference on Control, Electronics, Renewable Energy and Communications (ICCREC)

自引率

0.00%

发文量