CANVuS: Context-aware network vulnerability scanning

Yunjing Xu, Michael Bailey, Eric Vander Weele, Farnam Jahanian

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Enterprise networks face a variety of threats including worms, viruses, and DDoS attacks. Development of effective defenses against these threats requires accurate inventories of network devices and the services they are running. Traditional vulnerability scanning systems meet these requirements by periodically probing target networks to discover hosts and the services they are running. This polling-based model of vulnerability scanning suffers from two problems that limit its effectiveness - wasted network resources and detection latency that leads to stale data. We argue that these limitations stem primarily from the use of time as the scanning decision variable. To mitigate these problems, we instead advocate for an event-driven approach that decides when to scan based on changes in the network context - an instantaneous view of the host and network state. In this paper, we propose an architecture for building network context for enterprise security applications by using existing passive data sources and common network formats. Using this architecture, we built CANVuS, a context-aware network vulnerability scanning system that triggers scanning operations based on changes indicated by network activities. Experimental results show that this approach outperforms the existing models in timeliness and consumes much fewer network resources.

Original language: English (US)
Title of host publication: Recent Advances in Intrusion Detection - 13th International Symposium, RAID 2010, Proceedings
Publisher: Springer
Pages: 138-157
Number of pages: 20
ISBN (Print): 3642155111, 9783642155116
State: Published - 2010
Externally published: Yes
Event: 13th International Symposium on Recent Advances in Intrusion Detection Systems, RAID 2010 - Ottawa, ON, Canada
Duration: Sep 15 2010 → Sep 17 2010

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 6307 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Other

Other: 13th International Symposium on Recent Advances in Intrusion Detection Systems, RAID 2010
Country/Territory: Canada
City: Ottawa, ON
Period: 9/15/10 → 9/17/10

ASJC Scopus subject areas

  • Theoretical Computer Science
  • General Computer Science
