# Network Security Node-Edge Scoring System Using Attack Graph Based on Vulnerability Correlation


## Abstract


## 1. Introduction

- To calculate the attack route risk score, we collect several kinds of information (vulnerabilities, CIA impact, access methods, etc.) about each node and edge present in the network.
- We propose VCAG-SS, a scoring system built on CVSS, attack type and vulnerability correlation, and calculate the risk score of every attack route from the collected node and edge information.
- We calculate the attack route risk scores from the resulting node and edge risk values and use them to compare and prioritise attack routes.

## 2. Related Works

#### 2.1. Attack Graph

#### 2.2. Common Vulnerability Scoring System

#### 2.3. Vulnerability Correlation

## 3. Vulnerability Correlation and Attack Graph-Based Node-Edge Scoring System

If two vulnerabilities $\text{CVE}_i$ and $\text{CVE}_j$ exist, $\text{CVE}_i$ steals administrator credentials when exploited, and $\text{CVE}_j$ can only be exploited under the precondition that the attacker already holds administrator authority, then $\text{CVE}_i$ must be exploited before $\text{CVE}_j$. Vulnerability correlation analysis therefore identifies such precondition/postcondition relationships between the vulnerabilities present on two neighbouring nodes. From the collected information, VCAG-SS calculates an individual risk for each node and each edge, and the overall risk score of an attack route is obtained by adding the node risk scores and the edge risk scores along that route. Node risk uses the CVSS score; edge risk uses the access location, attack type, CIA impact and vulnerability correlation. Specifically, the edge weight is calculated from the correlation index between the vulnerabilities and from the values assigned to the access location, attack type and CIA impact of each vulnerability; from the resulting node and edge values, the route that reaches the target at minimum cost is identified. The proposed method can be expressed as:

#### 3.1. Access Location

#### 3.2. Attack Type

#### 3.3. CIA Impact by Vulnerability

#### 3.4. Correlation Index between Vulnerabilities

## 4. Experiment

#### 4.1. Data Set

#### 4.2. Priority Evaluation According to Attack Route

$C^1$ and $C^2$ denote CVE-2007-5969 and CVE-2014-2440, respectively. All CVSS-related values were calculated with CVSS version 2.0. Node risk was taken as the CVSS base score of the vulnerability on each node (PC, server, etc.), and edge risk was calculated with the method described in Section 3. For the weights of the edge-risk items, access location, attack type and vulnerability correlation were judged more important than CIA impact, and the weights were set to reflect this.

In the route risk calculation, alongside the node and edge risks, a $\text{path}_{route}$ term computed from the total number of nodes traversed to reach the final target, node J, is also included. $\text{path}_{route}$ is obtained by dividing the maximum number of nodes on any route to the final goal by the number of nodes on the route in question, so the longer the route, the lower the value. There were six routes in total; the nodes and edges used by each route are listed below.
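The scoring pipeline of Section 3 and the route evaluation above, as an added worked example in Python; this is not the authors' code. The node risks, edge risks, graph and CVSS access-vector values are copied from the tables on this page, and the edge access factor is taken as the product of the two endpoints' access-vector values, which reproduces the node i × node j matrix on the page. Two things are assumptions: the reading of "$v_i \in v_l$" as "a postcondition of $v_i$ satisfies a precondition of $v_l$", and the closing aggregation in `route_score()` (mean node risk plus mean edge risk, scaled by $\text{path}_{route}$), because the page gives the inputs and the relative weighting but not the final formula, so the scores it produces are not the VCAG-SS scores in the results table.

```python
from collections import defaultdict

# CVSS v3.x Attack Vector values (the "3.0+" column of the access-location table).
AV = {"network": 0.85, "adjacent": 0.62, "local": 0.55, "physical": 0.20}


def edge_access_factor(loc_i, loc_j):
    """Access-location factor of edge i->j: product of the two AV values.
    Reproduces the node i x node j matrix on this page, e.g. network x local
    = 0.85 * 0.55 = 0.4675."""
    return round(AV[loc_i] * AV[loc_j], 4)


def correlation_index(v_i, v_l):
    """Correlation index between two vulnerabilities (the 5/3/1 table).
    Each vulnerability is a dict of 'pre' and 'post' condition sets.
    ASSUMED reading: 'v_i in v_l' means something v_i grants is something
    v_l needs, i.e. v_i can be chained before v_l."""
    i_feeds_l = bool(v_i["post"] & v_l["pre"])
    l_feeds_i = bool(v_l["post"] & v_i["pre"])
    if i_feeds_l and l_feeds_i:
        return 5
    if i_feeds_l or l_feeds_i:
        return 3
    return 1


# Node risks (CVSS v2 base scores) and edge risks copied from the tables on
# this page. The single C-G edge risk is applied to both C1-G and C2-G.
NODE_RISK = {"A": 0, "B": 5, "C1": 7.1, "C2": 5.1, "D": 7.2, "E": 2.1,
             "F": 2.1, "G": 6.25, "H": 4.6, "I": 6.4, "J": 2.1}
EDGE_RISK = {("A", "B"): 2.4664, ("A", "C1"): 3.9514, ("A", "C2"): 2.7964,
             ("B", "D"): 3.6214, ("C1", "G"): 7.7026, ("C2", "G"): 7.7026,
             ("D", "E"): 5.9976, ("D", "F"): 1.9976, ("D", "H"): 3.2968,
             ("D", "I"): 2.1914, ("D", "G"): 2.6864, ("G", "D"): 7.6214,
             ("G", "I"): 2.4114, ("I", "J"): 1.9164}


def enumerate_routes(edges, src, dst):
    """All simple (loop-free) attack routes from src to dst, following edge
    direction, by depth-first search over the adjacency list."""
    adj = defaultdict(list)
    for a, b in edges:
        adj[a].append(b)
    routes = []

    def walk(path):
        node = path[-1]
        if node == dst:
            routes.append(list(path))
            return
        for nxt in adj[node]:
            if nxt not in path:          # simple paths only: no revisits
                walk(path + [nxt])

    walk([src])
    return sorted(routes)


def path_route(route, routes):
    """Length normalisation described on this page: the longest route (in
    nodes) divided by this route's node count; a longer route gets a lower value."""
    longest = max(len(r) for r in routes)
    return longest / len(route)


def route_score(route, routes):
    """ASSUMED aggregation for illustration only: mean node risk plus mean
    edge risk along the route, scaled by path_route so that shorter routes
    to the target rank higher. Not the paper's closing formula."""
    node_part = sum(NODE_RISK[n] for n in route) / len(route)
    hops = list(zip(route, route[1:]))
    edge_part = sum(EDGE_RISK[e] for e in hops) / len(hops)
    return round((node_part + edge_part) * path_route(route, routes), 4)


def rank_routes(edges=EDGE_RISK, src="A", dst="J"):
    """Enumerate every attacker route from src to dst and rank by score, highest first."""
    routes = enumerate_routes(edges, src, dst)
    scored = [(route_score(r, routes), "-".join(r)) for r in routes]
    return sorted(scored, reverse=True)


if __name__ == "__main__":
    # Constructed two-vulnerability chain: the first yields admin credentials,
    # the second requires them, so the index is 3 (one-directional dependency).
    cred_theft = {"pre": {"network access"}, "post": {"admin credentials"}}
    admin_rce = {"pre": {"admin credentials"}, "post": {"code execution"}}
    print("correlation index:", correlation_index(cred_theft, admin_rce))
    for score, route in rank_routes():
        print(f"{route:<20} {score}")
```

The enumeration yields exactly the six routes of the route table, with five or six nodes each, so the `(Path)` figures in the results table can be checked directly; only the final numeric scores depend on the assumed aggregation.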

## 5. Conclusions

## Author Contributions

## Funding

## Institutional Review Board Statement

## Informed Consent Statement

## Data Availability Statement

## Conflicts of Interest

## References

1. Strickland, E. AI agents play hide-and-seek: An OpenAI project demonstrated "emergent behavior" by AI players [News]. IEEE Spectr. 2019, 56, 6–7.
2. Pridmore, L.; Lardieri, P.; Hollister, R. National Cyber Range (NCR) automated test tools: Implications and application to network-centric support tools. In Proceedings of the 2010 IEEE AUTOTESTCON, Orlando, FL, USA, 13 September 2010; pp. 1–4.
3. Yamin, M.M.; Katt, B.; Gkioulos, V. Cyber ranges and security testbeds: Scenarios, functions, tools and architecture. Comput. Secur. 2020, 88, 101636.
4. Jha, S.; Sheyner, O.; Wing, J. Two formal analyses of attack graphs. In Proceedings of the 15th IEEE Computer Security Foundations Workshop, Washington, DC, USA, 24 June 2002; pp. 49–63.
5. Jajodia, S.; Noel, S.; O'Berry, B. Topological Analysis of Network Attack Vulnerability. In Managing Cyber Threats; Springer: Boston, MA, USA, 2005; pp. 247–266.
6. Ingols, K.; Lippmann, R.; Piwowarski, K. Practical attack graph generation for network defense. In Proceedings of the 2006 22nd Annual Computer Security Applications Conference (ACSAC'06), Miami Beach, FL, USA, 11 December 2006; pp. 121–130.
7. Ammann, P.; Wijesekera, D.; Kaushik, S. Scalable, graph-based network vulnerability analysis. In Proceedings of the 9th ACM Conference on Computer and Communications Security, Washington, DC, USA, 18 November 2002; pp. 217–224.
8. Wang, L.; Noel, S.; Jajodia, S. Minimum-cost network hardening using attack graphs. Comput. Commun. 2006, 29, 3812–3824.
9. Sheyner, O.; Wing, J. Tools for generating and analyzing attack graphs. In International Symposium on Formal Methods for Components and Objects; Springer: Berlin/Heidelberg, Germany, November 2003; pp. 344–371.
10. Walter, E.; Ferguson-Walter, K.; Ridley, A. Incorporating Deception into CyberBattleSim for Autonomous Defense. arXiv 2021, arXiv:2108.13980.
11. Hammar, K.; Stadler, R. Finding Effective Security Strategies through Reinforcement Learning and Self-Play. In Proceedings of the 2020 16th International Conference on Network and Service Management (CNSM), Izmir, Turkey, 2–6 November 2020; pp. 1–9.
12. Yoon, S.; Cho, J.-H.; Kim, D.S.; Moore, T.J.; Free-Nelson, F.; Lim, H. Attack Graph-Based Moving Target Defense in Software-Defined Networks. IEEE Trans. Netw. Serv. Manag. 2020, 17, 1653–1668.
13. Gonda, T.; Pascal, T.; Puzis, R.; Shani, G.; Shapira, B. Analysis of Attack Graph Representations for Ranking Vulnerability Fixes. In Proceedings of the Global Conference on Artificial Intelligence, Luxembourg, 17–19 September 2018; pp. 215–228.
14. Lu, L.; Safavi-Naini, R.; Hagenbuchner, M.; Susilo, W.; Horton, J.; Yong, S.L.; Tsoi, A.C. Ranking attack graphs with graph neural networks. In Proceedings of the International Conference on Information Security Practice and Experience, Xi'an, China, 13–15 April 2009; pp. 345–359.
15. Yang, X.; Shunhong, S.; Yuliang, L. Vulnerability ranking based on exploitation and defense graph. In Proceedings of the 2010 International Conference on Information, Networking and Automation (ICINA), Kunming, China, 17–19 October 2010; pp. V1-163–V1-167.
16. Spanos, G.; Sioziou, A.; Angelis, L. WIVSS: A new methodology for scoring information systems vulnerabilities. In Proceedings of the 17th Panhellenic Conference on Informatics, Thessaloniki, Greece, 19–21 September 2013; pp. 83–90.
17. Jacobs, J.; Romanosky, S.; Edwards, B.; Adjerid, I.; Roytman, M. Exploit Prediction Scoring System (EPSS). Digit. Threat. Res. Pract. 2021, 2, 1–17.
18. Gallon, L.; Bascou, J.J. Using CVSS in attack graphs. In Proceedings of the 2011 Sixth International Conference on Availability, Reliability and Security, Vienna, Austria, 22–26 August 2011; pp. 59–66.
19. Gencer, K.; Başçiftçi, F. The fuzzy common vulnerability scoring system (F-CVSS) based on a least squares approach with fuzzy logistic regression. Egypt. Inform. J. 2020, 22, 145–153.
20. Allouzi, M.A.; Khan, J.I. Identifying and modeling security threats for IoMT edge network using Markov chain and common vulnerability scoring system (CVSS). arXiv 2021, arXiv:2104.11580.
21. Putra, F.G.; Soewito, B. Measurement of Security System Performance on Websites of Personnel Information Systems in Government Using Common Vulnerability Scoring System. J. Pendidik. Tambusai 2022, 6, 2949–2957.
22. Kai, S.; Zheng, J.; Shi, F.; Lu, Z. A CVSS-based Vulnerability Assessment Method for Reducing Scoring Error. In Proceedings of the 2021 2nd International Conference on Electronics, Communications and Information Technology (CECIT), Sanya, China, 27–29 December 2021; pp. 25–32.
23. Reyes, J.; Fuertes, W.; Arévalo, P.; Macas, M. An Environment-Specific Prioritization Model for Information-Security Vulnerabilities Based on Risk Factor Analysis. Electronics 2022, 11, 1334.
24. Li, Z.-Y.; Xie, C.-H.; Tao, R.; Zhang, H.; Shi, N. A Network Security Analysis Method Using Vulnerability Correlation. In Proceedings of the 2009 Fifth International Conference on Natural Computation, Tianjin, China, 14–16 August 2009; pp. 17–21.
25. Ali, M.U.; Aydi, H.; Batool, A.; Parvaneh, V.; Saleem, N. Single and Multivalued Maps on Parametric Metric Spaces Endowed with an Equivalence Relation. Adv. Math. Phys. 2022, 2022, 6188108.
26. Zhou, M.; Saleem, N.; Liu, X.-L.; Özgür, N. On two new contractions and discontinuity on fixed points. AIMS Math. 2022, 7, 1628–1663.
27. Saleem, N.; Zhou, M.; Bashir, S.; Husnine, S.M. Some new generalizations of F-contraction type mappings that weaken certain conditions on Caputo fractional type differential equations. AIMS Math. 2021, 6, 12718–12742.
28. Kalsoom, A.; Saleem, N.; Işık, H.; Al-Shami, T.M.; Bibi, A.; Khan, H. Fixed Point Approximation of Monotone Nonexpansive Mappings in Hyperbolic Spaces. J. Funct. Spaces 2021, 2021, 3243020.
29. Liang, L.; Yang, J.; Liu, G.; Zhu, G.; Yang, Y. Novel method of assessing network security risks based on vulnerability correlation graph. In Proceedings of the 2012 2nd International Conference on Computer Science and Network Technology, Changchun, China, 29–31 December 2012; pp. 1085–1090.
30. Nan, X.; Chen, R.; Tian, H.; Liu, Y. Network Situation Risk Assessment Based on Vulnerability Correlation Analysis. In Proceedings of the 2021 IEEE International Conference on Progress in Informatics and Computing (PIC), Shanghai, China, 17–19 December 2021; pp. 330–334.
31. Debnath, J.K.; Xie, D. CVSS-based Vulnerability and Risk Assessment for High Performance Computing Networks. In Proceedings of the 2022 IEEE International Systems Conference (SysCon), Montreal, QC, Canada, 25 April–23 May 2022; pp. 1–8.
32. CVE Details. Vulnerabilities by type. Available online: https://www.cvedetails.com/vulnerabilities-by-types.php (accessed on 30 May 2022).
33. FIRST. Common Vulnerability Scoring System. Available online: https://www.first.org/cvss/ (accessed on 30 May 2022).

**Table 1.** Access-location (access vector) values by CVSS version.

| Type | CVSS 1.0 | CVSS 2.0 | CVSS 3.0+ |
|---|---|---|---|
| Network | 1.0 | 1.0 | 0.85 |
| Adjacent network | - | 0.646 | 0.62 |
| Local | 0.7 | 0.395 | 0.55 |
| Physical | - | - | 0.20 |

**Table 2.** Edge access-location value for an edge between node i and node j (product of the two CVSS 3.0+ access-vector values; the matrix is symmetric, so only the upper triangle is listed).

| Node j \ Node i | Network | Adjacent network | Local | Physical |
|---|---|---|---|---|
| Network | 0.7225 | 0.527 | 0.4675 | 0.17 |
| Adjacent network | - | 0.3844 | 0.341 | 0.124 |
| Local | - | - | 0.3025 | 0.11 |
| Physical | - | - | - | 0.04 |

**Table 3.** Number of vulnerabilities reported in 2021, by attack type [32].

| Attack type | Count |
|---|---|
| DoS | 1836 |
| Code Execution | 3843 |
| Overflow | 1680 |
| Memory Corruption | 484 |
| XSS | 2703 |
| Directory Traversal | 503 |
| HTTP Response Splitting | 5 |
| Bypass something | 874 |
| Gain Privileges | 260 |
| CSRF | 504 |
| File Inclusion | 46 |

**Table 4.** CIA impact values by CVSS version.

| Impact | CVSS 1.0 | CVSS 2.0 | CVSS 3.0+ |
|---|---|---|---|
| High | 1.0 | 0.66 | 0.56 |
| Low | 0.7 | 0.275 | 0.22 |
| None | 0.0 | 0.0 | 0.0 |

**Table 5.** Correlation index between vulnerabilities $v_i$ (columns) and $v_l$ (rows).

| $v_l$ \ $v_i$ | $v_i \in v_l$ | $v_i \notin v_l$ |
|---|---|---|
| $v_i \in v_l$ | 5 | 3 |
| $v_i \notin v_l$ | 3 | 1 |

**Table 6.** Node risk (CVSS 2.0 base score) of each node.

| Node | Node Risk | Node | Node Risk |
|---|---|---|---|
| A | 0 | F | 2.1 |
| B | 5 | G | 6.25 |
| C$^1$ | 7.1 | H | 4.6 |
| C$^2$ | 5.1 | I | 6.4 |
| D | 7.2 | J | 2.1 |
| E | 2.1 | | |

**Table 7.** Edge risk of each edge.

| Edge | Edge Risk | Edge | Edge Risk |
|---|---|---|---|
| A-B | 2.4664 | D-H | 3.2968 |
| A-C$^1$ | 3.9514 | D-I | 2.1914 |
| A-C$^2$ | 2.7964 | D-G | 2.6864 |
| B-D | 3.6214 | G-D | 7.6214 |
| C-G | 7.7026 | G-I | 2.4114 |
| D-E | 5.9976 | I-J | 1.9164 |
| D-F | 1.9976 | | |

**Table 8.** Nodes and edges used by each attack route from node A to the final target, node J.

| Attack Route | Nodes and Edges | Attack Route | Nodes and Edges |
|---|---|---|---|
| Route 1 | a-b-d-i-j | Route 4 | a-c$_1$-g-d-i-j |
| Route 2 | a-b-d-g-i-j | Route 5 | a-c$_2$-g-i-j |
| Route 3 | a-c$_1$-g-i-j | Route 6 | a-c$_2$-g-d-i-j |

**Table 9.** VCAG-SS score of each attack route (the number in parentheses is the number of nodes on the route).

| Attack Route (nodes) | VCAG-SS Score | Attack Route (nodes) | VCAG-SS Score |
|---|---|---|---|
| Route 1 (5) | 3.7075 | Route 4 (6) | 5.2433 |
| Route 2 (6) | 4.0052 | Route 5 (5) | 4.1612 |
| Route 3 (5) | 4.5398 | Route 6 (6) | 4.9278 |


© 2022 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).

## Share and Cite

**MDPI and ACS Style**

Shin, G.-Y.; Hong, S.-S.; Lee, J.-S.; Han, I.-S.; Kim, H.-K.; Oh, H.-R.
Network Security Node-Edge Scoring System Using Attack Graph Based on Vulnerability Correlation. *Appl. Sci.* **2022**, *12*, 6852.
https://doi.org/10.3390/app12146852
