Integrated Repository of Security Information for Network Security Evaluation


Andrey Fedorchenko, Igor Kotenko+, and Andrey Chechulin
 

Laboratory of Computer Security Problems, St. Petersburg Institute for Informatics and Automation (SPIIRAS), 39, 14 Liniya, St. Petersburg, Russia
{fedorchenko, ivkote, chechulin}@comsec.spb.ru
 

 

Abstract

Security evaluation systems usually draw on various information sources to estimate computer network security. One of the important tasks in these systems is the integration and storage of information from these sources. This paper investigates and develops models and methods for integrating open security databases into one repository. The integration model proposed in the paper helps to improve the accuracy of attack detection systems. Open databases of vulnerabilities, exploits, and product dictionaries are used as sources of security information, and open databases of weaknesses, attack patterns and configurations are planned to be used. The object of research and development is the mechanisms intended to bind and combine heterogeneous security information. We propose the structure of the integrated repository and the model of security information integration, describe the repository implementation, and analyze the results of experiments with the repository.

 

Keywords: security information repository, vulnerability and exploit databases, vulnerability analysis, network security evaluation.

 

+: Corresponding author: Igor Kotenko
Tel: +7(812) 328-71-81, Web: http://www.comsec.spb.ru/

 

Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA),
Vol. 6, No. 2, pp. 41-57, June 2015