Automated Classification of Attacker Privileges Based on Deep Neural Network

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 11910)

Abstract

Attack graphs generated from the vulnerabilities detected in a network depict all possible attack paths that an intruder can take. Conventional approaches to generating attack graphs require well-categorized data on the prerequisites and postconditions of the identified vulnerabilities. However, generating this data in an automated way is an open issue. Hence, automatic classification methods are desirable to effectively generate attacker privilege fields as prerequisites and postconditions, improve the generation of the attack graph, and reduce the security risks of the system. In this paper, we propose a new automatic attacker privilege model (IG-DNN). Information gain (IG) is used to obtain an optimal set of feature words from the vulnerability description, and a deep neural network model serves as an automatic attacker privilege classifier. We use the National Vulnerability Database (NVD) to validate the effectiveness of the IG-DNN model. We observe that prerequisite and postcondition privileges can be generated with an overall average F-measure of 99.53% and 98.90%, respectively, with the IG-DNN models. Moreover, compared with Naïve Bayes, KNN, and SVM, the IG-DNN model achieves the best performance in precision, recall, and F-measure.

Supported by National Key R&D Program of China (2018YFB0803500), the 2018 joint Research Foundation of Ministry of Education, China Mobile (5–7) and State Key Laboratory of Software Development Environment (SKLSDE-2018ZX).
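The information-gain feature selection step named in the abstract can be illustrated as follows. This is an added example, not the authors' code: the sample descriptions, the three privilege labels (`root`, `user`, `none`) and the whitespace tokenization are constructed assumptions, since the paper's label set and preprocessing are not given on this page. It covers only the IG ranking and the binary feature vector a classifier would consume, not the DNN itself.

```python
import math
from collections import Counter

# Constructed sample data: (vulnerability description, assumed privilege label).
SAMPLES = [
    ("remote attacker can execute arbitrary code as root via crafted packet", "root"),
    ("local user can gain root privileges via a symlink attack", "root"),
    ("buffer overflow allows remote attackers to execute arbitrary code as root", "root"),
    ("authenticated user can read arbitrary files via directory traversal", "user"),
    ("remote authenticated users can obtain sensitive information via crafted request", "user"),
    ("allows local user to read files of other users", "user"),
    ("remote attacker can cause a denial of service via malformed header", "none"),
    ("crafted packet allows remote attackers to cause a denial of service crash", "none"),
]

def entropy(labels):
    """Shannon entropy (bits) of a list of class labels."""
    n = len(labels)
    if n == 0:
        return 0.0
    return -sum((c / n) * math.log2(c / n) for c in Counter(labels).values())

def information_gain(samples):
    """IG(t) = H(C) - P(t) H(C|t) - P(not t) H(C|not t), for every term t."""
    docs = [(set(text.lower().split()), label) for text, label in samples]
    n = len(docs)
    base = entropy([label for _, label in docs])
    vocab = set().union(*(words for words, _ in docs))
    gains = {}
    for term in vocab:
        present = [label for words, label in docs if term in words]
        absent = [label for words, label in docs if term not in words]
        gains[term] = (base
                       - len(present) / n * entropy(present)
                       - len(absent) / n * entropy(absent))
    return gains

def top_features(samples, k):
    """The k highest-IG terms; ties are broken alphabetically for determinism."""
    gains = information_gain(samples)
    return sorted(gains, key=lambda t: (-gains[t], t))[:k]

def vectorize(text, features):
    """Binary presence vector over the selected feature words (classifier input)."""
    words = set(text.lower().split())
    return [1 if f in words else 0 for f in features]
```

On this toy set, frequent words such as "remote" and "via" score low because they occur across all privilege classes, which is the filtering effect IG selection is used for.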

Correspondence to Hailong Liu.

© 2019 Springer Nature Switzerland AG

Liu, H., Li, B. (2019). Automated Classification of Attacker Privileges Based on Deep Neural Network. In: Qiu, M. (eds) Smart Computing and Communication. SmartCom 2019. Lecture Notes in Computer Science(), vol 11910. Springer, Cham. https://doi.org/10.1007/978-3-030-34139-8_18

  • DOI: https://doi.org/10.1007/978-3-030-34139-8_18

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-34138-1

  • Online ISBN: 978-3-030-34139-8

  • eBook Packages: Computer Science (R0)
