TriAssetRank: Ranking Vulnerabilities, Exploits, and Privileges for Countermeasures Prioritization
Aymar Le Père Tchimwa Bouom; Jean-Pierre Lienou; Wilson Ejuh Geh; Frederica Free Nelson; Sachin Shetty; Charles Kamhoua
IEEE Transactions on Information Forensics and Security, vol. 19, pp. 10189-10205 (Journal Article), published 2024-10-30
DOI: 10.1109/TIFS.2024.3488533
URL: https://ieeexplore.ieee.org/document/10739351/
Journal impact factor: 6.3; JCR: Q1 (Computer Science, Theory & Methods)
Citations: 0
Abstract
Network defence practices have no standardized mechanism for determining the priority of threat events. Prioritization of cyber vulnerabilities is intended to make network administrators focus on the most critical points within the system to mitigate potential damage caused by attackers. In managing vulnerabilities, current approaches always focus on Common Vulnerabilities and Exposures (CVE) entries, which are not the only vulnerabilities existing in a network. Also, while the Common Vulnerability Scoring System (CVSS) effectively scores individual vulnerabilities, it considers each vulnerability in isolation and fails to consider the relationships between them. Existing research, such as the ‘AssetRank’ algorithm, has made progress in exploring these relationships. Building on this foundation, in this paper we propose TriAssetRank, a tripartite ranking algorithm that evaluates three key elements within a logical attack graph: vulnerabilities, privileges, and potential attack exploits. Since each node type has its unique characteristics and potential impact on the system’s security, we rank them in concert, taking into account the dependencies between nodes in the attack graph. The proposed ranking scheme computes a numerical value for each node based on its type, which is a clear indication of how valuable it is to a potential attacker. Several tests on various model networks have empirically validated the effectiveness of the algorithm. It enables organizations to prioritize countermeasures by identifying the most critical vulnerabilities, exploits, and privilege escalation risks, so that resources can be allocated efficiently to mitigate high-impact threats and reduce overall risk exposure.
About the journal:
The IEEE Transactions on Information Forensics and Security covers the sciences, technologies, and applications relating to information forensics, information security, biometrics, surveillance and systems applications that incorporate these features.