Robust Cyber-threat and Vulnerability Information Analyzer for Dynamic Risk Assessment

Robust Cyber-threat and Vulnerability Information Analyzer for Dynamic Risk Assessment

연구 분야: Strategies

학회: 2021 IEEE International Mediterranean Conference on Communications and Networking (MeditCom)

Cyberspace has been expanding drastically integrating new generation hardware, software, and other devices. The scope of adversary risks expands exponentially as the depth and variety of this integration rises. Attackers can use sophisticated tools and strategies to continually investigate these systems for crippling flaws. To conduct cyber risk analysis, cyber defenders typically rely on cyber-threat information to uncover vulnerabilities, exploitation methodologies, possible impact, and patch availability. The accuracy of the analysis is contingent on the availability and accuracy of the obtained cyber-threat data which is quite challenging to achieve given that multiple sources report them without enough completeness, therefore, it is critical to design a reliable and comprehensive knowledge-base. In this paper, we present Cyber-threats and Vulnerability Information Analyzer (CyVIA), a dynamic, scalable framework for conducting continuous risk assessments of cyber infrastructures. CyVIA leverages concrete ways of analyzing anomalies and is designed to 1) effectively combine vulnerability information from multiple sources into a unified multi-formatted knowledge-base, 2) identify vulnerabilities within a target network, 3) classify vulnerabilities based on their relationships with other vulnerabilities and computing products. We evaluate CyVIA on an industrial network to discover vulnerabilities and discuss their relationships with other vulnerabilities through our results. Furthermore, we identify several inconsistencies observed in various vulnerability information sources so that they can be corrected or removed during risk analysis.