Detecting known host security flaws over a network connection
نویسنده
چکیده
To test if a host contains any known security flaws over a network connection a Vulnerability Assessment (VA) could be made. This thesis describes different techniques used by VA tools over a network connection to detect known security flaws. To decrease the risk of flaws not being detected, several VA tools could be used. There is no common way of merging information from different VA tools. Therefore the Vulnerability Assessment Information Handler (VAIH) has been developed. The VAIH system consists of three parts. First, a intermediate language format defined in XML. Second, modules that converts the output of VA tools to the intermediate language format. Third, a program for reading and displaying the intermediate language format. The VAIH system makes it possible to merge the results from vulnerability assessment tools into one file that can be displayed and edited through a GUI. Key-words: Vulnerability assessment, computer security, host security, network security, detecting security flaws.
منابع مشابه
An Extensible Framework for Detecting Database Security Flaws
Knowing flaws existing in a database security system is very useful for database protection. Database security flaws come from various sources, not only from network, database management systems, but also from the way an administrator manages a database system. Even then, to the best of our knowledge, existing researches for detecting security flaws mostly focus on the network environment, but ...
متن کاملDetecting Connection-Chains: A Data Mining Approach
A connection-chain refers to a mechanism in which someone recursively logs into a host, then from there logs into another host, and so on. Connection-chains represent an important vector in many security attacks, so it is essential to be able to detect them. In this paper, we propose a host-based algorithm to detect them. We adopt a black-box approach by passively monitoring inbound and outboun...
متن کاملDetecting Active Bot Networks Based on DNS Traffic Analysis
Abstract—One of the serious threats to cyberspace is the Bot networks or Botnets. Bots are malicious software that acts as a network and allows hackers to remotely manage and control infected computer victims. Given the fact that DNS is one of the most common protocols in the network and is essential for the proper functioning of the network, it is very useful for monitoring, detecting and redu...
متن کاملManual for Slede Annotation Language
Verifying sensor network security protocol implementations using testing/simulation might leave some flaws undetected. Formal verification techniques have been very successful in detecting faults in security protocol specifications; however, they generally require building a formal description (model) of the protocol. Building accurate models is hard, thus hindering the application of formal ve...
متن کاملString Kernel Based SVM for Internet Security Implementation
For network intrusion and virus detection, ordinary methods detect malicious network traffic and viruses by examining packets, flow logs or content of memory for any signatures of the attack. This implies that if no signature is known/created in advance, attack detection will be problematical. Addressing unknown attacks detection, we develop in this paper a network traffic and spam analyzer usi...
متن کامل