CFP last date
22 April 2024
Reseach Article

Quantifying Security Risk by Critical Network Vulnerabilities Assessment

by Umesh Kumar Singh, Chanchala Joshi
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 156 - Number 13
Year of Publication: 2016
Authors: Umesh Kumar Singh, Chanchala Joshi
10.5120/ijca2016912426

Umesh Kumar Singh, Chanchala Joshi . Quantifying Security Risk by Critical Network Vulnerabilities Assessment. International Journal of Computer Applications. 156, 13 ( Dec 2016), 26-33. DOI=10.5120/ijca2016912426

@article{ 10.5120/ijca2016912426,
author = { Umesh Kumar Singh, Chanchala Joshi },
title = { Quantifying Security Risk by Critical Network Vulnerabilities Assessment },
journal = { International Journal of Computer Applications },
issue_date = { Dec 2016 },
volume = { 156 },
number = { 13 },
month = { Dec },
year = { 2016 },
issn = { 0975-8887 },
pages = { 26-33 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume156/number13/26780-2016912426/ },
doi = { 10.5120/ijca2016912426 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-07T00:02:32.818741+05:30
%A Umesh Kumar Singh
%A Chanchala Joshi
%T Quantifying Security Risk by Critical Network Vulnerabilities Assessment
%J International Journal of Computer Applications
%@ 0975-8887
%V 156
%N 13
%P 26-33
%D 2016
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Network vulnerability is the weaknesses in the network configuration that inadvertently allows dangerous operations and poses serious security threats. An attacker can exploit these vulnerabilities to gain unauthorized access to the system. Hence, detection and remediation of network vulnerabilities is critical for network security. This paper proposed method for effective risk level estimation by using a new introduced metric, the Hazard Metric (HM) which identifies the probability of attacks in user environments. As in network environment the number of attacks scenario increases, there is higher probability of compromising a target and thus the overall security of the network reduces. Thus, there is a need for quantification of security level of a specific network. The HM measures the probability of successful exploits by estimation of impact and likelihood of the attacks, which is to quantify the degree of security strength against vulnerability exploit in a network system. The proposed method prioritizes the mitigation of discovered vulnerabilities according to their risk levels. The methodology is tested in Vikram University Ujjain, India’s network environment. The results represent the system trustworthiness.

References
  1. Nessus Vulnerability Scanner, http://www.tenable.com/products/nessus-vulnerability-scanner
  2. IBM Rational AppScan, 2008, http://www.ibm.com/software/awdtools/appscan/
  3. Acunetix Web Vulnerability Scanner, 2008,http://www.acunetix.com/vulnerability-scanner/Nmap
  4. Netsparker Web Vulnerability Scanner, 2012, https://www.netsparker.com/web-vulnerability-scanner/
  5. A. Tripathi, and U K. Singh, “Evaluation of severity index of vulnerability categories”, Int. J. Information and Computer Security, Vol. 5, No. 4, 2013 pp. 275-289
  6. C. Joshi, and U.K. Singh, “ADMIT- A Five Dimensional Approach towards Standardization of Network and Computer Attack Taxonomies”. International Journal of Computer Application (IJCA, 0975 – 8887), Volume 100, Issue 5, August 2014, pp 30-36
  7. C. Joshi, and U.K. Singh, “A Review on Taxonomies of Attacks and Vulnerability in Computer and Network System”. International Journal of Advanced Research in Computer Science and Software Engineering (IJRCSSE) Volume 5, Issue 1, January 2015, pp 742-747.
  8. C. Joshi, and U. K Singh, “Performance Evaluation of Web Application Security Scanners for More Effective Defense” International Journal of Scientific and Research Publications (IJSRP), Volume 6, Issue 6, June 2016, ISSN 2250-3153, pp 660-667.
  9. C. Joshi, and U. K Singh, “Analysis of Vulnerability Scanners in Quest of Current Information Security Landscape”, International Journal of Computer Application (IJCA 0975 – 8887), Volume 146(2), July 2016, ISBN 973-93-80883-35-9, pp 1-7.
  10. A. Tripathi, and U K. Singh, “A model for quantitative security measurement and prioritisation of vulnerability mitigation” Int. J. Security and Networks, Vol. 8, No. 3, 2013 pp. 139-153.
  11. M. Tupper and A. N. Zincir-Heywood, "VEA-bility Security Metric: A Network Security Analysis Tool," Availability, Reliability and Security, 2008. ARES 08. Third International IEEE Conference on, Barcelona, 2008, pp. 950-957.
  12. J. Pagett, and S.L. Ng , “Improving Residual Risk Management Through the Use of Security Metrics”, Royal Holloway Series 2010.
  13. CVSS v3.0 specification document, Available: https://www.first.org/cvss/specification-document.
  14. National Vulnerability Database, Available: http://nvd.nist.gov
  15. CVE - Common Vulnerabilities and Exposures (CVE), Available: https://cve.mitre.org/
  16. U. K. Singh, and C. Joshi, “Quantitative Security Risk Evaluation using CVSS Metrics by Estimation of Frequency and Maturity of Exploit”, Proceedings of the World Congress on Engineering and Computer Science 2016 Vol I WCECS 2016, San Francisco, USA, October 19-21, 2016, ISBN: 978-988-14047-1-8, ISSN: 2078-0958 (Print), ISSN: 2078-0966 (Online).
  17. U. K. Singh, and C. Joshi, “Information Security Assessment by Quantifying Risk Level of Network Vulnerabilities”, International Journal of Computer Applications, Volume 156, Issue 2, pp.37-44, December 2016.
  18. Nirnay Ghosh., and S. K. Ghosh . “An Approach for Security Assessment of Network Configurations using Attack Graph”, In First International Conference on Networks & Communications (2009).
  19. L. Wang, A. Singhal, and S. Jajodia. “Measuring the overall security of network configurations using attack graphs”, In Proceedings of the 21st Annual IFIP WG 11.3 Working Conference on Data and Applications Security (DBSec), July 2007.
  20. N. Ghosh, and S. K. Ghosh. “An Intelligent Technique for Generating Minimal Attack Graph”, In proceedings of the 21st annual computer security applications conference(ACSAC 2005)
  21. U. K. Singh, and C. Joshi, “Measurement of Security Dangers in University Network”, International Journal of Computer Applications, Volume 155, Issue1, pp.6-10, December 2016.
Index Terms

Computer Science
Information Sciences

Keywords

CVSS score risk level security measurement security metrics vulnerability