Automated Classification of Attacker Privileges Based on Deep Neural Network

  • Hailong LiuEmail author
  • Bo Li
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11910)


Attack graphs generated from the detected vulnerabilities in a network depict all possible attack paths that an intruder can take. Conventional approaches to generating attack graphs require well-categorized data of prerequisites and postconditions for the identified vulnerabilities. However, generating them in an automated way is an open issue. Hence automatic classification methods are desirable to effectively generate attacker privilege fields as prerequisites and postconditions, improve the generation of the attack graph, and reduce the security risks of the system. In this paper, we propose a new automatic attacker privilege model (IG-DNN). The information gain (IG) is used for obtaining an optimal set of feature words from vulnerability description, and the deep neural network model is served as an automatic attacker privilege classifier. We use the National Vulnerability Database (NVD) to validate the effectiveness of the IG-DNN model. We observe that prerequisite and postcondition privileges can be generated with overall average F-measure of 99.53% and 98.90% with the IG-DNN models, respectively. Moreover, compared with Naïve Bayes, KNN, and SVM, the IG-DNN model has achieved the best performance in precision, recall, and F-measure.


Deep neural network Information gain Vulnerability Software security Attacker privilege 


  1. 1.
    Aksu, M.U., Bicakci, K., Dilek, M.H., Ozbayoglu, A.M., et al.: Automated generation of attack graphs using NVD. In: Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy, pp. 135–142. ACM (2018)Google Scholar
  2. 2.
    Aksu, M.U., Dilek, M.H., Tatlı, E.İ., Bicakci, K., Dirik, H.I., Demirezen, M.U., Aykır, T.: A quantitative CVSS-based cyber security risk assessment methodology for it systems. In: 2017 International Carnahan Conference on Security Technology (ICCST), pp. 1–8. IEEE (2017)Google Scholar
  3. 3.
    Cheikes, B.A., Cheikes, B.A., Kent, K.A., Waltermire, D.: Common platform enumeration: naming specification version 2.3. US Department of Commerce, National Institute of Standards and Technology (2011)Google Scholar
  4. 4.
    Conneau, A., Schwenk, H., Barrault, L., Lecun, Y.: Very deep convolutional networks for text classification. arXiv preprint arXiv:1606.01781 (2016)
  5. 5.
    Gray, R.M.: Entropy and Information Theory. Springer, Heidelberg (2011). Scholar
  6. 6.
    Hassan, A., Mahmood, A.: Convolutional recurrent deep learning model for sentence classification. IEEE Access 6, 13949–13957 (2018)CrossRefGoogle Scholar
  7. 7.
    Ingols, K., Lippmann, R., Piwowarski, K.: Practical attack graph generation for network defense. In: 2006 22nd Annual Computer Security Applications Conference (ACSAC 2006), pp. 121–130. IEEE (2006)Google Scholar
  8. 8.
    Jajodia, S., Noel, S., Oberry, B.: Topological analysis of network attack vulnerability. In: Kumar, V., Srivastava, J., Lazarevic, A. (eds.) Managing Cyber Threats, pp. 247–266. Springer, Heidelberg (2005). Scholar
  9. 9.
    Kaynar, K.: A taxonomy for attack graph generation and usage in network security. J. Inf. Secur. Appl. 29, 27–56 (2016)Google Scholar
  10. 10.
    Kim, Y.: Convolutional neural networks for sentence classification. arXiv preprint arXiv:1408.5882 (2014)
  11. 11.
    Kingma, D.P., Ba, J.: Adam: a method for stochastic optimization. arXiv preprint arXiv:1412.6980 (2014)
  12. 12.
    Lippmann, R.P., Ingols, K.W., Piwowarski, K.J.: Generating a multiple-prerequisite attack graph, 17 May 2016. US Patent 9,344,444Google Scholar
  13. 13.
    Loper, E., Bird, S.: NLTK: the natural language toolkit. arXiv preprint cs/0205028 (2002)Google Scholar
  14. 14.
    Loria, S., Keen, P., Honnibal, M., Yankovsky, R., Karesh, D., Dempsey, E., et al.: Textblob: simplified text processing. Simplified Text Processing, Secondary TextBlob (2014)Google Scholar
  15. 15.
    Mell, P., Scarfone, K., Romanosky, S.: A complete guide to the common vulnerability scoring system version 2.0. In: Published by FIRST-Forum of Incident Response and Security Teams, vol. 1, p. 23 (2007)Google Scholar
  16. 16.
    Qiu, H., Kapusta, K., Lu, Z., Qiu, M., Memmi, G.: All-or-nothing data protection for ubiquitous communication: Challenges and perspectives. Information Sciences (2019)MathSciNetCrossRefGoogle Scholar
  17. 17.
    Salahi, A., Ansarinia, M.: Predicting network attacks using ontology-driven inference. arXiv preprint arXiv:1304.0913 (2013)
  18. 18.
    Silver, D., et al.: Mastering the game of go with deep neural networks and tree search. Nature 529(7587), 484 (2016)CrossRefGoogle Scholar
  19. 19.
    Singhal, A., Ou, X.: Security risk analysis of enterprise networks using probabilistic attack graphs. Network Security Metrics, pp. 53–73. Springer, Cham (2017). Scholar
  20. 20.
    Team C: Common vulnerability scoring system V3. 0: specification document. (2015)Google Scholar
  21. 21.
    Wang, H., Chen, Z., Zhao, J., Di, X., Liu, D.: A vulnerability assessment method in industrial internet of things based on attack graph and maximum flow. IEEE Access 6, 8599–8609 (2018)CrossRefGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.Beijing Advanced Innovation Center for Big Data and Brain ComputingBeihang UniversityBeijingChina

Personalised recommendations