CANVuS: Context-Aware Network Vulnerability Scanning

Xu, Yunjing; Bailey, Michael; Weele, Eric Vander; Jahanian, Farnam

doi:10.1007/978-3-642-15512-3_8

Cited by 5 publications

(6 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…No breakdown of technology is given and there is little evidence of PVS being used successfully on a range of networks. Seeing as this source is provided by Tenable, the validity of the claims in this paper could be considered biased, whereas Xu et al [17] and Gonzalez and Papa [18] and Myers et al [22] clearly identify how passive technology works and give examples of live experiments. From the information provided within these sources it seems that the use of passive network sniffers over a longer period of time is the most beneficial and nonintrusive way of performing reconnaissance on SCADA systems.…”

Section: Passive Vulnerability Scanner (Pvs)mentioning

confidence: 97%

“…What is interesting within this paper is that PVS and passive scanning as a whole are associated with the "sniffing of a network, as opposed to scanning." Both Xu et al [17] and Gonzalez and Papa [18] fail to elaborate on this underlying detail. Contrary to initial expectations, Deraison and Gula [20] fail to discuss how PVS or any other passive system achieves its goals as an unobtrusive scanner.…”

Section: Passive Vulnerability Scanner (Pvs)mentioning

confidence: 99%

“…An observation point is set up on the network, requiring assistance from network administrators or network engineers to configure these systems for optimum results. As referenced in Xu et al [17] passive scanners can be run continuously for large periods of time without disrupting regular network traffic or interacting with the devices themselves, as the input data for passive scanning tools is a direct feed of the network's traffic. This means that algorithms can be created in order to dissect each protocol.…”

Section: Passive Scanningmentioning

confidence: 99%

“…As referenced in both Bartlett et al [13] and Deraison and Gula [20] active methods require some form of interaction with the devices on the network, which could be one of the potential ramifications of using active tools against SCADA devices, as opposed to the passive methodologies discussed in Xu et al [17] which run for a longer period at an "observation point" on the network, removing the need to send or receive data from any devices that are connected.…”

Section: Active Probingmentioning

confidence: 99%

See 3 more Smart Citations

Vulnerability Analysis of Network Scanning on SCADA Systems

Coffey

Smith

Μαγλαράς

et al. 2018

Security and Communication Networks

View full text Add to dashboard Cite

Supervisory Control and Data Acquisition (SCADA) systems and Industrial Control Systems (ICSs) have controlled the regulation and management of Critical National Infrastructure environments for decades. With the demand for remote facilities to be controlled and monitored, industries have continued to adopt Internet technology into their ICS and SCADA systems so that their enterprise can span across international borders in order to meet the demand of modern living. Although this is a necessity, it could prove to be potentially dangerous. The devices that make up ICS and SCADA systems have bespoke purposes and are often inherently vulnerable and difficult to merge with newer technologies. The focus of this article is to explore, test, and critically analyse the use of network scanning tools against bespoke SCADA equipment in order to identify the issues with conducting asset discovery or service detection on SCADA systems with the same tools used on conventional IP networks. The observations and results of the experiments conducted are helpful in evaluating their feasibility and whether they have a negative impact on how they operate. This in turn helps deduce whether network scanners open a new set of vulnerabilities unique to SCADA systems.

show abstract

Section: Passive Vulnerability Scanner (Pvs)mentioning

confidence: 97%

Section: Passive Vulnerability Scanner (Pvs)mentioning

confidence: 99%

Section: Passive Scanningmentioning

confidence: 99%

Section: Active Probingmentioning

confidence: 99%

See 2 more Smart Citations

Vulnerability Analysis of Network Scanning on SCADA Systems

Coffey

Smith

Μαγλαράς

et al. 2018

Security and Communication Networks

View full text Add to dashboard Cite

show abstract

“…The size of enterprise networks could make vulnerability scanning prohibitively expensive [31]. Our abstraction technique provides a possible angle to address this problem.…”

Section: Related Workmentioning

confidence: 99%

Effective Network Vulnerability Assessment through Model Abstraction

Zhang

Homer

2011

Detection of Intrusions and Malware, and Vulnerability Assessment

View full text Add to dashboard Cite

Abstract. A significant challenge in evaluating network security stems from the scale of modern enterprise networks and the vast number of vulnerabilities regularly found in software applications. A common technique to deal with this complexity is attack graphs, where a tool automatically computes all possible ways a system can be broken into by analyzing the configuration of each host, the network, and the discovered vulnerabilities. Past work has proposed methodologies that post-process "raw" attack graphs so that the result can be abstracted and becomes easier for a human user to grasp. We notice that, while visualization is a major problem caused by the multitude of attack paths in an attack graph, a more severe problem is the distorted risk picture it renders to both human users and quantitative vulnerability assessment models. We propose that abstraction be done before attack graphs are computed, instead of after. This way we can prevent the distortion in quantitative vulnerability assessment metrics, at the same time improving visualization as well. We developed an abstract network model generator that, given reachability and configuration information of a network, provides an abstracted model with much more succinct information about the system than the raw model. The model is generated by grouping hosts based on their network reachability and vulnerability information, as well as grouping vulnerabilities with similar exploitability. We show that the attack graphs generated from this type of abstracted inputs are not only much smaller, but also provide more realistic quantitative vulnerability metrics for the whole system. We conducted experiments on both synthesized and production systems to demonstrate the effectiveness of our approach.

show abstract