Research Article

Information Security Assessment by Quantifying Risk Level of Network Vulnerabilities

by Umesh Kumar Singh, Chanchala Joshi, Neha Gaud
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 156 - Number 2
Year of Publication: 2016
Authors: Umesh Kumar Singh, Chanchala Joshi, Neha Gaud
DOI: 10.5120/ijca2016912375

Umesh Kumar Singh, Chanchala Joshi, Neha Gaud. Information Security Assessment by Quantifying Risk Level of Network Vulnerabilities. International Journal of Computer Applications 156, 2 (Dec 2016), 37-44. DOI=10.5120/ijca2016912375

@article{ 10.5120/ijca2016912375,
author = { Umesh Kumar Singh, Chanchala Joshi, Neha Gaud },
title = { Information Security Assessment by Quantifying Risk Level of Network Vulnerabilities },
journal = { International Journal of Computer Applications },
issue_date = { Dec 2016 },
volume = { 156 },
number = { 2 },
month = { Dec },
year = { 2016 },
issn = { 0975-8887 },
pages = { 37-44 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume156/number2/26684-2016912375/ },
doi = { 10.5120/ijca2016912375 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
Abstract

With increasing dependency on IT infrastructure, the main objective of a system administrator is to maintain a stable and secure network and to ensure that the network is robust against malicious users such as attackers and intruders. Security risk management provides a way to manage the growing threats to infrastructures and systems. This paper proposes a framework for risk level estimation that uses the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) and the Common Vulnerability Scoring System (CVSS). The proposed framework measures the frequency of vulnerability exploitation, combines this measured frequency with the standard CVSS score, and estimates the security risk level, which supports automated and reasonable security management. In this paper, an equation for the Temporal score calculation with respect to the availability of a remediation plan is derived, and the frequency of exploitation is then calculated from the determined temporal score. The frequency of exploitation, together with the CVSS score, is used to calculate the security risk level of the system. The proposed framework uses the CVSS vectors for risk level estimation and measures the security level of a specific network environment, which assists the system administrator in assessing security risks and making decisions about their mitigation.
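The temporal-score step the abstract describes, as an added illustration that is not code from the paper: it implements the standard CVSS v3.0 temporal equation with its published remediation-level weights and shows how the availability of a fix moves a constructed base score of 7.5 across a qualitative rating boundary. The frequency-of-exploitation and risk-level equations the paper derives are not reproduced here; the `remediation_impact` helper and the sample inputs are assumptions for the example.

```python
import math

# CVSS v3.0 temporal metric weights (FIRST v3.0 specification, section 7.2).
EXPLOIT_CODE_MATURITY = {"X": 1.00, "H": 1.00, "F": 0.97, "P": 0.94, "U": 0.91}
REMEDIATION_LEVEL = {"X": 1.00, "U": 1.00, "W": 0.97, "T": 0.96, "O": 0.95}
REPORT_CONFIDENCE = {"X": 1.00, "C": 1.00, "R": 0.96, "U": 0.92}


def roundup(x):
    """CVSS v3.0 Roundup: the smallest one-decimal value >= x (rounding first guards float noise)."""
    return math.ceil(round(x * 10, 6)) / 10


def temporal_score(base, e="X", rl="X", rc="X"):
    """Temporal = Roundup(Base * ExploitCodeMaturity * RemediationLevel * ReportConfidence)."""
    return roundup(base * EXPLOIT_CODE_MATURITY[e] * REMEDIATION_LEVEL[rl] * REPORT_CONFIDENCE[rc])


def severity(score):
    """Qualitative rating scale from the CVSS v3.0 specification."""
    if score == 0.0:
        return "None"
    if score < 4.0:
        return "Low"
    if score < 7.0:
        return "Medium"
    if score < 9.0:
        return "High"
    return "Critical"


def remediation_impact(base, e, rc):
    """Hypothetical helper: temporal score and rating for each remediation level,
    holding exploit maturity and report confidence fixed, so the effect of a
    remediation plan becoming available can be read off directly."""
    return {rl: (temporal_score(base, e, rl, rc), severity(temporal_score(base, e, rl, rc)))
            for rl in ("U", "W", "T", "O")}


if __name__ == "__main__":
    # Constructed input: base 7.5 (High), public proof-of-concept code (E:P), confirmed report (RC:C).
    for rl, (score, rating) in remediation_impact(7.5, "P", "C").items():
        print(f"RL:{rl}  temporal={score}  rating={rating}")
```

With these inputs the unavailable-fix case (RL:U) stays High at 7.1, while an official fix (RL:O) drops the temporal score to 6.7, Medium.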

Index Terms

Computer Science
Information Sciences

Keywords

CVSS metrics, risk level, security measurement, severity score, vulnerability category.