Link to the paper
Abstract:
Software vulnerabilities represent one of the main weaknesses of IT systems w.r.t. cyber attacks and the availability of con- solidated official data, like CVE (Common Vulnerability and Exposure), allows for using such vulnerabilities to foresee the paths an attacker is likely to follow to reach sensible resources. Dealing with this issue is particularly challenging in the con- text of critical infrastructure where, even if patches are available, organization’s mission constraints create obstacles to their straightforward application. As a consequence, the security manager of a complex network needs to deal with a large number of vulnerabilities, making decision on how to cope with them. This paper presents Vulnus (VULNerabilities visUal assessment for critical infrastructureS), a Visual Analytics solution for dynamically inspecting the CVE vulnerabilities spread on large networks, allowing for a quick understanding of a) the network status, visually classifying nodes according to the vulnerabilities they host and b) the impact the exploitation of such vulnerabil- ities might have on the organization mission. The system relies on both metrics coming from the CVSS (Common Vulnerability Score System) repository and on metrics analytically computed from the attack path analysis. Using such an understanding, the security manager can gain a wide situational awareness on vulnerability spread, identify critical nodes, and prioritize inter- ventions. The proposed approach has been developed within the FP7 European Panoptesec project that aims at increasing the cyber security state of critical infrastructures.