• Title/Summary/Keyword: network vulnerability

Search Result 419, Processing Time 0.022 seconds

A quantitative assessment method of network information security vulnerability detection risk based on the meta feature system of network security data

  • Lin, Weiwei;Yang, Chaofan;Zhang, Zeqing;Xue, Xingsi;Haga, Reiko
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.15 no.12
    • /
    • pp.4531-4544
    • /
    • 2021
  • Because the traditional network information security vulnerability risk assessment method does not set the weight, it is easy for security personnel to fail to evaluate the value of information security vulnerability risk according to the calculation value of network centrality, resulting in poor evaluation effect. Therefore, based on the network security data element feature system, this study designed a quantitative assessment method of network information security vulnerability detection risk under single transmission state. In the case of single transmission state, the multi-dimensional analysis of network information security vulnerability is carried out by using the analysis model. On this basis, the weight is set, and the intrinsic attribute value of information security vulnerability is quantified by using the qualitative method. In order to comprehensively evaluate information security vulnerability, the efficacy coefficient method is used to transform information security vulnerability associated risk, and the information security vulnerability risk value is obtained, so as to realize the quantitative evaluation of network information security vulnerability detection under single transmission state. The calculated values of network centrality of the traditional method and the proposed method are tested respectively, and the evaluation of the two methods is evaluated according to the calculated results. The experimental results show that the proposed method can be used to calculate the network centrality value in the complex information security vulnerability space network, and the output evaluation result has a high signal-to-noise ratio, and the evaluation effect is obviously better than the traditional method.

Simulation-based Network Vulnerability Analysis Using the SIMVA (SIMVA를 이용한 시뮬레이션 기반의 네트워크 취약성 분석)

  • You Yong-Jun;Lee Jang-Se;Chi Sung-Do
    • Journal of the Korea Society for Simulation
    • /
    • v.13 no.3
    • /
    • pp.21-29
    • /
    • 2004
  • The major objective of this paper is to analyze network vulnerabilities using the SIMVA (SIMualtion-based Vulnerability Analyzer). SIMVA is capable of monitor network status and analyze vulnerabilities automatically. To do this, we have employed the advanced modeling and simulation concepts such as SES/MB (System Entity Structure / Model Base) framework, DEVS (Discrete Event System Specification) formalism, and experimental frame for developing network security models and simulation-based analysis of vulnerability. SIMVA can analyze static vulnerability as well as dynamic vulnerability consistently and quantitatively. In this paper, we verified and tested the capability of application of SIMVA by slammer worm attack scenario.

  • PDF

Vulnerability Assessment of a Large Sized Power System Using Neural Network Considering Various Feature Extraction Methods

  • Haidar, Ahmed M. A;Mohamed, Azah;Hussian, Aini
    • Journal of Electrical Engineering and Technology
    • /
    • v.3 no.2
    • /
    • pp.167-176
    • /
    • 2008
  • Vulnerability assessment of power systems is important so as to determine their ability to continue to provide service in case of any unforeseen catastrophic contingency such as power system component failures, communication system failures, human operator error, and natural calamity. An approach towards the development of on-line power system vulnerability assessment is by means of using an artificial neural network(ANN), which is being used successfully in many areas of power systems because of its ability to handle the fusion of multiple sources of data and information. An important consideration when applying ANN in power system vulnerability assessment is the proper selection and dimension reduction of training features. This paper aims to investigate the effect of using various feature extraction methods on the performance of ANN as well as to evaluate and compare the efficiency of the proposed feature extraction method named as neural network weight extraction. For assessing vulnerability of power systems, a vulnerability index based on power system loss is used and considered as the ANN output. To illustrate the effectiveness of ANN considering various feature extraction methods for vulnerability assessment on a large sized power system, it is verified on the IEEE 300-bus test system.

Comparative Analysis of Network-based Vulnerability Scanner for application in Nuclear Power Plants (원전 적용을 위한 네트워크 기반 취약점 스캐너의 비교 분석)

  • Lim, Su-chang;Kim, Do-yeon
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.22 no.10
    • /
    • pp.1392-1397
    • /
    • 2018
  • Nuclear power plants(NPPs) are protected as core facilities managed by major countries. Applying general IT technology to facilities of NPPs, the proportion of utilizing the digitized resources for the rest of the assets except for the existing installed analog type operating resources is increasing. Using the network to control the IT assets of NPPs can provide significant benefits, but the potential vulnerability of existing IT resources can lead to significant cyber security breaches that threaten the entire NPPs. In this paper, we analyze the nuclear cyber security vulnerability regulatory requirements, characteristics of existing vulnerability scanners and their requirements and investigate commercial and free vulnerability scanners. Based on the proposed application method, we can improve the efficiency of checking the network security vulnerability of NPPs when applying vulnerability scanner to NPPs.

Assessing Vulnerability and Risk of Sensor Networks under Node Compromise (Node Compromise에 대한 무선 센서 네트워크의 취약성 및 위험 평가)

  • Park, Jong-Sou;Suh, Yoon-Kyung;Lee, Seul-Ki;Lee, Jang-Se;Kim, Dong-Seong
    • Convergence Security Journal
    • /
    • v.7 no.4
    • /
    • pp.51-60
    • /
    • 2007
  • It is important to assess vulnerability of network and information system to countermeasure against a variety of attack in effective and efficient way. But vulnerability and risk assessment methodology for network and information systems could not be directly applied to sensor networks because sensor networks have different properties compared to traditional network and information system. This paper proposes a vulnerability assessment framework for cluster based sensor networks. The vulnerability assessment for sensor networks is presented. Finally, the case study in cluster based sensor networks is described to show possibility of the framework.

  • PDF

An Automatic Network Vulnerability Analysis System using Multiple Vulnerability Scanners (다양한 취약점 점검 도구를 이용한 자동화된 네트워크 취약점 통합 분석 시스템 설계)

  • Yoon, Jun;Sim, Won-Tae
    • Journal of KIISE:Computing Practices and Letters
    • /
    • v.14 no.2
    • /
    • pp.246-250
    • /
    • 2008
  • This paper presents the design of network vulnerability analysis system which can integrate various vulnerability assessment tools to improve the preciseness of the vulnerability scan result. Manual checking method performed by a security expert is the most precise and safe way. But this is not appropriate for the large-scale network which has a lot of systems and network devices. Therefore automatic scanning tool is recommended for fast and convenient use. The scanning targets may be different according to the kind of vulnerability scanners, or otherwise even for the same scanning target, the scanning items and the scanning results may be different by each vulnerability scanner, Accordingly, there are the cases in which various scanners, instead of a single scanner, are simultaneously utilized with the purpose of complementing each other. However, in the case of simultaneously utilizing various scanners on the large-scale network, the integrative analysis and relevance analysis on vulnerability information by a security manager becomes time-consumable or impossible. The network vulnerability analysis system suggested in this paper provides interface which allows various vulnerability assessment tools to easily be integrated, common policy which can be applied for various tools at the same time, and automated integrative process.

Assessing the Vulnerability of Network Topologies under Large-Scale Regional Failures

  • Peng, Wei;Li, Zimu;Liu, Yujing;Su, Jinshu
    • Journal of Communications and Networks
    • /
    • v.14 no.4
    • /
    • pp.451-460
    • /
    • 2012
  • Natural disasters often lead to regional failures that can cause network nodes and links co-located in a large geographical area to fail. Novel approaches are required to assess the network vulnerability under such regional failures. In this paper, we investigate the vulnerability of networks by considering the geometric properties of regional failures and network nodes. To evaluate the criticality of node locations and determine the critical areas in a network, we propose the concept of ${\alpha}$-critical-distance with a given failure impact ratio ${\alpha}$, and we formulate two optimization problems based on the concept. By analyzing the geometric properties of the problems, we show that although finding critical nodes or links in a pure graph is a NP-complete problem, the problem of finding critical areas has polynomial time complexity. We propose two algorithms to deal with these problems and analyze their time complexities. Using real city-level Internet topology data, we conducted experiments to compute the ${\alpha}$-critical-distances for different networks. The computational results demonstrate the differences in vulnerability of different networks. The results also indicate that the critical area of a network can be estimated by limiting failure centers on the locations of network nodes. Additionally, we find that with the same impact ratio ${\alpha}$, the topologies examined have larger ${\alpha}$-critical-distances when the network performance is measured using the giant component size instead of the other two metrics. Similar results are obtained when the network performance is measured using the average two terminal reliability and the network efficiency, although computation of the former entails less time complexity than that of the latter.

STRIDE and HARM Based Cloud Network Vulnerability Detection Scheme (STRIDE 및 HARM 기반 클라우드 네트워크 취약점 탐지 기법)

  • Jo, Jeong-Seok;Kwak, Jin
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.29 no.3
    • /
    • pp.599-612
    • /
    • 2019
  • Cloud networks are used to provide various services. As services are increasingly deployed using cloud networks, there are a number of resources in the cloud that leverage a variety of environments and protocols. However, there is a security intrusion on these resources, and research on cloud network vulnerability detection is required as threats to cloud resources emerge. In this paper, we propose a vulnerability detection scheme using STRIDE and HARM for vulnerability detection of resources utilizing various environments and protocols, and present cloud network vulnerability detection scheme through vulnerability detection scenario composition.

A Study on the Factors Affecting Continuous Intention and Expansion of Communication Channels in Social Network Service (소셜네트워크서비스에서 지속사용의도 및 관계채널확장에 영향을 미치는 요인에 관한 연구)

  • Park, Seon-Hwa;Gim, Gwang-Yong
    • Journal of Information Technology Services
    • /
    • v.11 no.2
    • /
    • pp.319-337
    • /
    • 2012
  • To stress the importance of privacy in social networking, I presented an analysis on how information control and information management vulnerability influence trust and privacy concerns in social networking, and how trust and privacy concerns influence the sustainable usage intention of social network services. I also analyzed the factors affecting privacy concerns to present the method to alleviate social network users' concerns about privacy. Information collection control, information processing control and information management vulnerability were chosen and analyzed as the factors affecting privacy concerns. The results showed that information collection control and information management vulnerability significantly affected trust and privacy concerns; and information processing control did not significantly affect privacy concerns. The relationship between trust and privacy concerns, and sustainable usage intention was statistically significant; and the relationship between trust and expansion of communication channels was also statistically significant.

Method of Vulnerability Analysis from Layer Scanning (Layer별 Scanning을 사용한 취약성 분석 방법)

  • Chun, Woo-Sung;Park, Dea-Woo
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2010.05a
    • /
    • pp.277-280
    • /
    • 2010
  • Network based on the OSI 7 Layer communication protocol is implemented, and the Internet TCP / IP Layer Based on the vulnerability is discovered and attacked. In this paper, using the programs on the network Layer Scanning conducted by the Layer-by each subsequent vulnerability analysis. Layer by Scanning each vulnerability analysis program to analyze the differences will be studied. Scanning for the studies in the program reflects the characteristics of the Scanning Features of way, and security countermeasures by each Layer is presented. The results of this study was to analyze its vulnerability to hackers and security for defense policy as the data is utilized to enhance the security of the network will contribute.

  • PDF