Sciweavers

ISF
2008

An OVAL-based active vulnerability assessment system for enterprise computer networks

14 years 13 days ago
An OVAL-based active vulnerability assessment system for enterprise computer networks
Abstract Many security problems are caused by vulnerabilities hidden in enterprise computer networks. It is very important for system administrators to have knowledge about the security vulnerabilities. However, current vulnerability assessment methods may encounter the issues of high false positive rates, long computational time, and requirement of developing attack codes. Moreover, they are only capable of locating individual vulnerabilities on a single host without considering correlated effect of these vulnerabilities on a host or a section of network with the vulnerabilities possibly distributed among different hosts. To address these issues, an active vulnerability assessment system NetScope with C/S architecture is developed for evaluating computer network security based on open vulnerability assessment language instead of simulating attacks. The vulnerabilities and known attacks with their prerequisites and consequences are modeled based on predicate logic theory and are correl...
Xiuzhen Chen, Qinghua Zheng, Xiaohong Guan
Added 12 Dec 2010
Updated 12 Dec 2010
Type Journal
Year 2008
Where ISF
Authors Xiuzhen Chen, Qinghua Zheng, Xiaohong Guan
Comments (0)