Please use this identifier to cite or link to this item: https://hdl.handle.net/20.500.11851/1958
Full metadata record
DC FieldValueLanguage
dc.contributor.authorAksu, M. Uğur-
dc.contributor.authorBıçakcı, Kemal-
dc.contributor.authorDilek, M. H.-
dc.contributor.authorÖzbayoğlu, Ahmet Murat-
dc.contributor.authorTatlı, E. İ.-
dc.date.accessioned2019-07-10T14:42:42Z
dc.date.available2019-07-10T14:42:42Z
dc.date.issued2018
dc.identifier.citationAksu, M. U., Bicakci, K., Dilek, M. H., & Ozbayoglu, A. M. (2018, March). Automated Generation of Attack Graphs Using NVD. In Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy (pp. 135-142). ACM.en_US
dc.identifier.isbn978-145035632-9
dc.identifier.urihttps://dl.acm.org/citation.cfm?doid=3176258.3176339-
dc.identifier.urihttps://hdl.handle.net/20.500.11851/1958-
dc.description8th ACM Conference on Data and Application Security and Privacy (2018 : Tempe; United States)
dc.description.abstractToday’s computer networks are prone to sophisticated multi-step, multi-host attacks. Common approaches of identifying vulnerabilities and analyzing the security of such networks with naive methods such as counting the number of vulnerabilities, or examining the vulnerabilities independently produces incomprehensive and limited security assessment results. On the other hand, attack graphs generated from the identified vulnerabilities at a network illustrate security risks via attack paths that are not apparent with the results of the primitive approaches. One common technique of generating attack graphs requires well established definitions and data of prerequisites and postconditions for the known vulnerabilities. A number of works suggest prerequisite and postcondition categorization schemes for software vulnerabilities. However, generating them in an automated way is an open issue. In this paper, we first define a model that evolves over the previous works to depict the requirements of exploiting vulnerabilities for generating attack graphs. Then we describe and compare the results of two different novel approaches (rule-based and machine learning-employed) that we propose for generating attacker privilege fields as prerequisites and postconditions from the National Vulnerability Database (NVD) in an automated way. We observe that prerequisite and postcondition privileges can be generated with overall accuracy rates of 88,8 % and 95,7 % with rule-based and machine learning-employed (Multilayer Perceptron) models respectively.en_US
dc.description.sponsorshipACM SIGSAC
dc.language.isoenen_US
dc.publisherAssociation for Computing Machinery, Inc.en_US
dc.relation.ispartofCODASPY 2018 - Proceedings of the 8th ACM Conference on Data and Application Security and Privacyen_US
dc.rightsinfo:eu-repo/semantics/closedAccessen_US
dc.subjectNetwork securityen_US
dc.subjectIntrusion detectionen_US
dc.subjectalert correlationen_US
dc.titleAutomated Generation of Attack Graphs Using Nvden_US
dc.typeConference Objecten_US
dc.departmentFaculties, Faculty of Engineering, Department of Computer Engineeringen_US
dc.departmentFakülteler, Mühendislik Fakültesi, Bilgisayar Mühendisliği Bölümütr_TR
dc.identifier.startpage135
dc.identifier.endpage142
dc.authorid0000-0001-7998-5735-
dc.authorid0000-0002-2378-8027-
dc.identifier.wosWOS:000492951400016en_US
dc.identifier.scopus2-s2.0-85052013306en_US
dc.institutionauthorBıçakcı, Kemal-
dc.institutionauthorÖzbayoğlu, Ahmet Murat-
dc.identifier.doi10.1145/3176258.3176339-
dc.relation.publicationcategoryKonferans Öğesi - Uluslararası - Kurum Öğretim Elemanıen_US
item.openairetypeConference Object-
item.languageiso639-1en-
item.grantfulltextnone-
item.fulltextNo Fulltext-
item.openairecristypehttp://purl.org/coar/resource_type/c_18cf-
item.cerifentitytypePublications-
crisitem.author.dept02.3. Department of Computer Engineering-
crisitem.author.dept02.1. Department of Artificial Intelligence Engineering-
Appears in Collections:Bilgisayar Mühendisliği Bölümü / Department of Computer Engineering
Scopus İndeksli Yayınlar Koleksiyonu / Scopus Indexed Publications Collection
WoS İndeksli Yayınlar Koleksiyonu / WoS Indexed Publications Collection
Show simple item record



CORE Recommender

SCOPUSTM   
Citations

11
checked on Dec 21, 2024

WEB OF SCIENCETM
Citations

28
checked on Nov 9, 2024

Page view(s)

166
checked on Dec 23, 2024

Google ScholarTM

Check




Altmetric


Items in GCRIS Repository are protected by copyright, with all rights reserved, unless otherwise indicated.