Vulnerabilities represent one of the main weaknesses of IT systems and the availability of consolidated official data, like CVE (Common Vulnerabilities and Exposures), allows for using them to compute the paths an attacker is likely to follow. However, even if patches are available, business constraints or lack of resources create obstacles to their straightforward application. As a consequence, the security manager of a network needs to deal with a large number of vulnerabilities, making decisions on how to cope with them. This paper presents VULNUS (VULNerabilities visUal aSsessment), a visual analytics solution for dynamically inspecting the vulnerabilities spread on networks, allowing for a quick understanding of the network status and visually classifying nodes according to their vulnerabilities. Moreover, VULNUS computes the approximated optimal sequence of patches able to eliminate all the attack paths and allows for exploring sub-optimal patching strategies, simulating the effect of removing one or more vulnerabilities. VULNUS has been evaluated by domain experts using a lab-test experiment, investigating the effectiveness and efficiency of the proposed solution.

Vulnus: Visual Vulnerability Analysis for Network Security / Angelini, Marco; Blasilli, Graziano; Catarci, Tiziana; Lenti, Simone; Santucci, Giuseppe. - In: IEEE TRANSACTIONS ON VISUALIZATION AND COMPUTER GRAPHICS. - ISSN 1077-2626. - 25:1(2019), pp. 183-192. [10.1109/TVCG.2018.2865028]

Vulnus: Visual Vulnerability Analysis for Network Security

Angelini, Marco; Blasilli, Graziano; Catarci, Tiziana; Lenti, Simone; Santucci, Giuseppe
2019

Attack Graph; Bars; CVE; CVSS; Measurement; Network security; Organizations; Security; Visual analytics; Vulnerability analysis; Vulnerability triage and management; Software; Signal Processing; 1707; Computer Graphics and Computer-Aided Design
01 Journal publication::01a Journal article
Files attached to this item

Angelini_Vulnus_2019.pdf
archive managers only
Type: Publisher's version (published version with the publisher's layout)
License: All rights reserved
Size: 1.19 MB
Format: Adobe PDF

Angelini_preprint_Vulnus_2019.pdf
open access
Note: https://ieeexplore.ieee.org/document/8443131
Type: Pre-print document (manuscript submitted to the publisher, prior to peer review)
License: All rights reserved
Size: 1.97 MB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11573/1180253
Citations
  • PMC 0
  • Scopus 29
  • ISI 20