Network Monitoring and Enumerating Vulnerabilities in Large Heterogeneous Networks

Laštovička, Martin; Husák, Martin; Sadlek, Lukas

doi:10.1109/noms47738.2020.9110394

Cited by 10 publications

(18 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This design based on multiple agents is scalable to allow the incorporation of other protocols in the collection and analysis of the data to convert it into information or present it in the form of a report or graphical interface. It can be used at the level of energy consumption calculation, in a similar way as those presented in the literature (Laštovička et al, 2020;Jin et al, 2019;Allahham and Rahman, 2018), with the great difference of reducing the number of sensors required, that is, the hardware component is reduced through the estimation of energy levels based on theoretical models, and some agent of the developed system is in charge of computing them.…”

Section: Discussionmentioning

confidence: 99%

“…Finally, network monitoring has evolved into the field of cybersecurity as a monitoring system on a campus and industry infrastructure to identify and mitigate potential vulnerabilities (Laštovička et al, 2020), in addition to analyzing the network flow with recurring neural networks (Yang et al, 2020), wireless analysis (Jin et al, 2019;Allahham and Rahman, 2018), or risk assessment (Awang et al, 2020).…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Design and Implementation of Network Monitoring System for Campus Infrastructure Using Software Agents

et al. 2021

View full text Add to dashboard Cite

In network management and monitoring systems, or Network Management Stations (NMS), the Simple Network monitoring Protocol (SNMP) is normally used, with which it is possible to obtain information on the behavior, the values of the variables, and the status of the network architecture. network. However, for large corporate networks, the protocol can present latency in data collection and processing, thus making real-time monitoring difficult. This article proposes a multi-agent system based on layers, with three types of agents. This includes the collector agent, which uses a Management Information Base (MIB) value to collect information from the network equipment, an input table of information from the network devices for the consolidator agent to process the collected data and leave it in a consumable format, and its subsequent representation by the application agent as a web service, in this case, as a heat map.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Design and Implementation of Network Monitoring System for Campus Infrastructure Using Software Agents

et al. 2021

View full text Add to dashboard Cite

show abstract

“…OS fingerprinting captures network connection properties, such as TCP window size and Time to Live (TTL), to infer the device's operating system. Passive OS fingerprinting from IP flow was used by Laštovička et al [23] to enumerate vulnerabilities in large networks.…”

Section: State Of the Artmentioning

confidence: 99%

“…Vulnerability Discovery Precision: Another issue of vulnerability discovery is a lot of false positives. Methods that have extensive coverage (e.g., based on OS fingerprinting) can be imprecise or will not reveal sufficient details [23]. It causes employees to spend much time validating vulnerabilities [14], e.g., using vulnerability scanners that can use automated vulnerability exploits to confirm true positives.…”

Section: Challengesmentioning

confidence: 99%

See 1 more Smart Citation

Current Challenges of Cyber Threat and Vulnerability Identification Using Public Enumerations

Sadlek,

Čeleda,

Tovarňák

2022

Preprint

View full text Add to dashboard Cite

Identification of cyber threats is one of the essential tasks for security teams. Currently, cyber threats can be identified using knowledge organized into various formats, enumerations, and knowledge bases. This paper studies the current challenges of identifying vulnerabilities and threats in cyberspace using enumerations and data about assets. Although enumerations are used in practice, we point out several issues that still decrease the quality of vulnerability and threat identification. Since vulnerability identification methods are based on network monitoring and agents, the issues are related to the asset discovery, the precision of vulnerability discovery, and the amount of data. On the other hand, threat identification utilizes graph-based, nature-language, machine-learning, and ontological approaches. The current trend is to propose methods that utilize tactics, techniques, and procedures instead of low-level indicators of compromise to make cyber threat identification more mature. Cooperation between standards from threat, vulnerability, and asset management is also an unresolved issue confirmed by analyzing relationships between public enumerations and knowledge bases. Last, we studied the usability of techniques from the MITRE ATT&CK knowledge base for threat modeling using network monitoring to capture data. Although network traffic is not the most used data source, it allows the modeling of almost all tactics from the MITRE ATT&CK.

show abstract

Mission‐centric decision support in cybersecurity via Bayesian Privilege Attack Graph

Javorník

Husák

2022

Engineering Reports

View full text Add to dashboard Cite

We present an approach to decision support in cybersecurity with respect to cyber threats and stakeholders' requirements. We approach situations in which cybersecurity experts need to take actions to mitigate the risks, such as temporarily putting an IT system out of operation, but need to consult them with other stakeholders. We propose a decision support system that uses a mission decomposition model representing the organization's functional and security requirements on its IT infrastructure. Based on the cybersecurity state assessment, that is, discovery of vulnerabilities and attacker's position, the decision support system calculates the resilience metrics for each IT infrastructure's configuration, that is, how likely are they to not be disrupted. The calculation is enabled by two novel formal models, Privilege-Exploit Attack Graph and Bayesian Privilege Attack Graph, which reduce complex attack graphs into a comprehensible bipartite graph. Moreover, they illustrate the impact of exploiting the vulnerabilities and attackers gaining the privileges. The system recommends the most resilient mission configurations that are comprehensible to both cybersecurity experts and non-technical stakeholders, who may then choose which configuration to apply. Our approach is illustrated in a case study of a real-world medical information system.

show abstract

Network Monitoring and Enumerating Vulnerabilities in Large Heterogeneous Networks

Cited by 10 publications

References 13 publications

Design and Implementation of Network Monitoring System for Campus Infrastructure Using Software Agents

Design and Implementation of Network Monitoring System for Campus Infrastructure Using Software Agents

Current Challenges of Cyber Threat and Vulnerability Identification Using Public Enumerations

Mission‐centric decision support in cybersecurity via Bayesian Privilege Attack Graph

Contact Info

Product

Resources

About