Vulnus: Visual Vulnerability Analysis for Network Security

Vulnerabilities are one of the main weaknesses of IT systems, and the availability of consolidated official data, such as CVE (Common Vulnerabilities and Exposures), makes it possible to use them to compute the paths an attacker is likely to follow. However, even when patches are available, business constraints or a lack of resources create obstacles to applying them directly. As a consequence, the security manager of a network has to deal with a large number of vulnerabilities and decide how to cope with them. This paper presents VULNUS (VULNerabilities visUal aSsessment), a visual analytics solution for dynamically inspecting how vulnerabilities are spread across a network, allowing for a quick understanding of the network status and visually classifying nodes according to their vulnerabilities. Moreover, VULNUS computes the approximate optimal sequence of patches able to eliminate all the attack paths and allows for exploring sub-optimal patching strategies by simulating the effect of removing one or more vulnerabilities. VULNUS has been evaluated by domain experts in a lab-test experiment investigating the effectiveness and efficiency of the proposed solution.
