{"title":"网络服务环境脆弱性自动分析框架","authors":"Dimitris Koutras, Panayiotis Kotzanikolaou, Evangelos Paklatzis, Christos Grigoriadis, Christos Douligeris","doi":"10.52953/tbfn5500","DOIUrl":null,"url":null,"abstract":"The primary objective of this paper is to introduce a comprehensive framework designed to automate the assessment of environmental vulnerability status of communication protocols and networked services, within operational contexts. The proposed algorithm leverages the Common Vulnerability Scoring System version 3 (CVSS 3) metrics in conjunction with network security data. The initial step involves the establishment of a network security ontology, which serves to model the environmental attributes associated with the current security posture of communication protocol channels available within an infrastructure. The process commences with the identification and enumeration of all active communication services through a combination of diverse information gathering tools. Subsequently, active network services undergo assessment using a blend of passive scanning and active security analysis tools, which produce the environmental security score. This score can be integrated into vulnerability scoring systems such as CVSS, facilitating the fine-tuning of base CVSS scores, as well as vulnerability mitigation in real-world environments. To validate the proposed framework, we conducted testing across various networks and communication protocols within a controlled environment, thereby offering tangible illustrations for widely-utilized communication protocols.","PeriodicalId":274720,"journal":{"name":"ITU Journal on Future and Evolving Technologies","volume":"32 8","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2024-03-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"A framework for automating environmental vulnerability analysis of network services\",\"authors\":\"Dimitris Koutras, Panayiotis Kotzanikolaou, Evangelos Paklatzis, Christos Grigoriadis, Christos Douligeris\",\"doi\":\"10.52953/tbfn5500\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The primary objective of this paper is to introduce a comprehensive framework designed to automate the assessment of environmental vulnerability status of communication protocols and networked services, within operational contexts. The proposed algorithm leverages the Common Vulnerability Scoring System version 3 (CVSS 3) metrics in conjunction with network security data. The initial step involves the establishment of a network security ontology, which serves to model the environmental attributes associated with the current security posture of communication protocol channels available within an infrastructure. The process commences with the identification and enumeration of all active communication services through a combination of diverse information gathering tools. Subsequently, active network services undergo assessment using a blend of passive scanning and active security analysis tools, which produce the environmental security score. This score can be integrated into vulnerability scoring systems such as CVSS, facilitating the fine-tuning of base CVSS scores, as well as vulnerability mitigation in real-world environments. To validate the proposed framework, we conducted testing across various networks and communication protocols within a controlled environment, thereby offering tangible illustrations for widely-utilized communication protocols.\",\"PeriodicalId\":274720,\"journal\":{\"name\":\"ITU Journal on Future and Evolving Technologies\",\"volume\":\"32 8\",\"pages\":\"\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2024-03-12\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"ITU Journal on Future and Evolving Technologies\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.52953/tbfn5500\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"ITU Journal on Future and Evolving Technologies","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.52953/tbfn5500","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
A framework for automating environmental vulnerability analysis of network services
The primary objective of this paper is to introduce a comprehensive framework designed to automate the assessment of environmental vulnerability status of communication protocols and networked services, within operational contexts. The proposed algorithm leverages the Common Vulnerability Scoring System version 3 (CVSS 3) metrics in conjunction with network security data. The initial step involves the establishment of a network security ontology, which serves to model the environmental attributes associated with the current security posture of communication protocol channels available within an infrastructure. The process commences with the identification and enumeration of all active communication services through a combination of diverse information gathering tools. Subsequently, active network services undergo assessment using a blend of passive scanning and active security analysis tools, which produce the environmental security score. This score can be integrated into vulnerability scoring systems such as CVSS, facilitating the fine-tuning of base CVSS scores, as well as vulnerability mitigation in real-world environments. To validate the proposed framework, we conducted testing across various networks and communication protocols within a controlled environment, thereby offering tangible illustrations for widely-utilized communication protocols.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
