A framework for automating environmental vulnerability analysis of network services

Authors: Dimitris Koutras, Panayiotis Kotzanikolaou, Evangelos Paklatzis, Christos Grigoriadis, Christos Douligeris
Status: Final
Date of publication: 12 March 2024
Published in: ITU Journal on Future and Evolving Technologies, Volume 5 (2024), Issue 1, Pages 104-119
Article DOI: https://doi.org/10.52953/TBFN5500

Abstract: The primary objective of this paper is to introduce a comprehensive framework designed to automate the assessment of environmental vulnerability status of communication protocols and networked services, within operational contexts. The proposed algorithm leverages the Common Vulnerability Scoring System version 3 (CVSS 3) metrics in conjunction with network security data. The initial step involves the establishment of a network security ontology, which serves to model the environmental attributes associated with the current security posture of communication protocol channels available within an infrastructure. The process commences with the identification and enumeration of all active communication services through a combination of diverse information gathering tools. Subsequently, active network services undergo assessment using a blend of passive scanning and active security analysis tools, which produce the environmental security score. This score can be integrated into vulnerability scoring systems such as CVSS, facilitating the fine-tuning of base CVSS scores, as well as vulnerability mitigation in real-world environments. To validate the proposed framework, we conducted testing across various networks and communication protocols within a controlled environment, thereby offering tangible illustrations for widely-utilized communication protocols.

Keywords: Communication protocols, CVSS environmental score, network security ontology
Rights: © International Telecommunication Union, available under the CC BY-NC-ND 3.0 IGO license.