The Design and Implementation of a Vulnerability Information Management System

• Main Authors: Jean-Chian Chiou, 邱簡謙
• Other Authors: Shih-Kun Huang
• Format: Others
• Language: zh-TW
• Published: 2002
• Online Access: http://ndltd.ncl.edu.tw/handle/52688673025642430508

碩士 === 中原大學 === 資訊工程研究所 === 90 === With the prevalence of computer and computer network, computer security has gained more and more attention. Among all the computer security incidents, the occurrences of instruction to computer systems and networks has become highly frequent and extensive, which results in serious damage financially and makes intrusion detection an important sector in the overall computer security protection mechanism. Consequently, the vulnerability information management system supporting the operations an instruction detection system becomes more and more important. As the security of a system or a network is only threatened by instruction activities exploiting its vulnerabilities, the detection of such activities can be achieved by monitoring the system operations or the network traffic to see if any vulnerability is being exploiting. Therefore, an effective misuse-based intrusion detection system needs to have its knowledge to vulnerabilities up to date. With many computer security organization discovering, collecting, and organizing vulnerability information, being able to automatically obtain the vulnerability information once it is publicized and apply it to enhance the detection capability of an intrusion detection system will improve the effectiveness of the intrusion detection system and protect the computer environment from loss before a patch to the vulnerability is available. With this understanding, we proposed a vulnerability information management framework managing operations from automatic information collection, integration and automated application to intrusion detection, to the evaluation of a vulnerability’s progression in its life cycle and the analysis of the extent the vulnerability was exploited. A system adapting this management framework has been implemented. Experiment result shows that the defense capability of a computer environment can be effectively enhanced. In addition, the potential threat of a vulnerability is quantized, which makes further analysis on security possible. Keyword: vulnerability database, vulnerability life cycle, vulnerability evaluate.