
Research On Privilege Graph Based Network Risk Evaluation

Posted on: 2012-06-17
Degree: Master
Type: Thesis
Country: China
Candidate: X Q Yao
GTID: 2178330338484191
Subject: Communication and Information System

Abstract/Summary:
A privilege graph is a method for describing a network as a directed graph. In a privilege graph generated from attack scenarios involving all vulnerabilities in the information system, privilege escalation is represented by directed arcs. Unlike other risk assessment systems, the privilege graph method takes into account the relationship between every two hosts in the network. The danger caused by multiple vulnerabilities in a particular sequence is greater than that obtained by considering the vulnerabilities separately. The danger can be quantified more accurately by this method.

Many risk assessment systems, including the one based on the privilege graph, require experts to spend a lot of time. In past papers, security experts have used the CVE dictionary to describe vulnerabilities; however, whether a privilege path contributes to a privilege escalation path depends entirely on the experts' experience and analysis. Different experience and network environments lead to different privilege graphs, which makes the process of risk assessment harder. It is possible to use data mining to learn the rules that determine whether a vulnerability in a given environment generates an arc (edge) in the graph. Data mining can be used for knowledge discovery in databases (KDD) over a large amount of statistical vulnerability data from the real world. Automatically generating the privilege graph through data mining analysis could be more efficient.

In this paper, we first briefly review the development of risk assessment. Then the privilege graph risk assessment model is introduced. The privilege graph model described in some papers has some points that do not make sense in theory; in this paper, the model is improved. After that, we study the vulnerabilities themselves as recorded in the CVE dictionary. It is essential to find out whether a vulnerability in a particular network environment can generate an arc in the graph. Finally, a data mining example format is created based on the CVE dictionary, and several classification methods are used to generate rules, demonstrating the possibility of generating the graph automatically.
Keywords/Search Tags: Data Mining, Privilege Escalation, Risk Assessment, Vulnerability