The relevance of vulnerabilities is of great importance in a network security assessment system. By analyzing the relevance of vulnerabilities, we can draw an attack graph that gives a brief and vivid view of network security. Starting from the associations between vulnerabilities, network administrators can locate critical vulnerabilities as soon as possible and take action after an attack happens. In this way, network security can be strengthened. This paper covers three aspects. First, we take a close look at the relevance of vulnerabilities. After processing a large number of attack routes and the vulnerabilities they use, we found that attackers often use multiple vulnerabilities to escalate their privileges on a network host, eventually obtaining admin/root access on the destination host. We regard the connections between vulnerabilities as the most important part of our research into attackers' actions. The relevance of vulnerabilities is grouped into two sets: one is the premise set of privileges required before exploitation, and the other is the consequence set of privileges obtained after successful exploitation. These two sets are abbreviated as preCon and postCon, and they are often used as the input for attack graph generation. The attack graph uses the connections between vulnerabilities to draw the attack route. However, research in this field has been limited to using the CVSS vector, which makes the connections imprecise. Unlike previous research, in this paper we use multiple elements to determine the attacker's privileges in the preCon and postCon sets, so that the result is more accurate. These elements are the CVSS vector, the vulnerability description, the CVSS score, and the percentage of all set values. Second, this paper builds a vector model to describe the relevance of vulnerabilities and bridges the connecting elements and the vector model, which makes it easy for the system to work with. Moreover, we convert the vector into a concrete number, which gives the system an easy way to assess security.
Last but not least, the system we built consists of vulnerability detection, network information collection, information processing, vulnerability connection processing, and assessment parts. From the results of the system, we found that the connection database supports the input of this system, generating an attack graph that shows the elevation of the attacker's privileges and thus provides an important input for the final assessment sub-modules.
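
The preCon/postCon chaining described above, as an added example that is not code from the paper: a minimal attack-graph builder in which the vulnerability IDs, hosts, reachability map and three-level privilege scale are all constructed assumptions. It goes slightly beyond the abstract by also listing the vulnerabilities whose removal keeps the attacker from reaching root on a chosen host, which is one way to read "critical vulnerabilities".

```python
# Assumed privilege scale, lowest to highest.
PRIV = {"none": 0, "user": 1, "root": 2}

# Constructed sample data: placeholder IDs, not real CVEs.
# pre_con  = privilege the attacker must already hold on the host
# post_con = privilege held on the host after successful exploitation
VULNS = {
    "VULN-A": {"host": "web", "pre_con": "none", "post_con": "user"},
    "VULN-B": {"host": "web", "pre_con": "user", "post_con": "root"},
    "VULN-C": {"host": "db", "pre_con": "none", "post_con": "user"},
    "VULN-D": {"host": "db", "pre_con": "user", "post_con": "root"},
}
# Constructed topology: which hosts each host can reach.
REACH = {"internet": {"web"}, "web": {"db"}, "db": set()}


def build_attack_graph(vulns, reach, start="internet"):
    """Chain vulnerabilities whose preCon is met; return (edges, final privileges)."""
    priv = {h: "none" for h in reach}
    priv[start] = "root"  # the attacker controls the starting point
    edges, changed = [], True
    while changed:  # repeat until no vulnerability raises any privilege
        changed = False
        for vid, v in sorted(vulns.items()):
            host, have = v["host"], PRIV[priv[v["host"]]]
            # The host must be reachable from a host where the attacker has a foothold.
            reachable = any(host in reach[s] and PRIV[priv[s]] >= PRIV["user"]
                            for s in reach)
            if reachable and have >= PRIV[v["pre_con"]] and PRIV[v["post_con"]] > have:
                edges.append((vid, host, priv[host], v["post_con"]))
                priv[host] = v["post_con"]
                changed = True
    return edges, priv


def critical_vulns(vulns, reach, target):
    """IDs whose removal alone prevents the attacker reaching root on target."""
    critical = []
    for vid in sorted(vulns):
        rest = {k: v for k, v in vulns.items() if k != vid}
        if build_attack_graph(rest, reach)[1][target] != "root":
            critical.append(vid)
    return critical


if __name__ == "__main__":
    for step in build_attack_graph(VULNS, REACH)[0]:
        print("%s on %s: %s -> %s" % step)
    print("critical for db:", critical_vulns(VULNS, REACH, "db"))
```

VULN-B is not reported as critical for `db` in this sample, because a user-level foothold on `web` is already enough to reach the next host.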