
Towards Automated Vulnerability Assessment

Khan, Saad and Parkinson, Simon (2017) Towards Automated Vulnerability Assessment. In: 11th Scheduling and Planning Applications woRKshop (SPARK), 19th June 2017, Carnegie Mellon University, Pittsburgh, USA. (Unpublished)

PDF - Accepted Version

Abstract

Vulnerability assessment (VA) is a well-established method for determining security weaknesses within a system. The VA process relies heavily on expert knowledge, which is widely regarded as being in short supply. This paper explores the possibility of automating VA and demonstrates an initial proof-of-concept involving decision-making skills comparable with those of a human expert. This is achieved by encoding a domain model to represent expert-like capabilities, and then using model-based VA planning to determine VA tasks. Although security evaluation is a complex task, such models make it possible to determine ways of finding potential vulnerabilities without an expert present. This technique allows time-constrained assessments, where a 'risk factor' is also encoded to represent the significance of each security flaw. The ultimate goal of this work-in-progress is to realistically simulate a human vulnerability auditor. This paper demonstrates the first step towards that goal: a systematic transformation of the VA knowledge into a PDDL representation, accommodating a broad range of time-constrained investigative actions. The output plan and its analysis show many potential benefits, such as increased feasibility and productivity.

Item Type: Conference or Workshop Item (Paper)
Subjects: Q Science > QA Mathematics > QA76 Computer software
Schools: School of Computing and Engineering
School of Computing and Engineering > High-Performance Intelligent Computing > Planning, Autonomy and Representation of Knowledge
Depositing User: Simon Parkinson
Date Deposited: 05 Jul 2017 13:05
Last Modified: 05 Jul 2017 13:18
URI: http://eprints.hud.ac.uk/id/eprint/32333
