Volume 6 - Issue 2
Integrated Repository of Security Information for Network Security Evaluation
- Andrey Fedorchenko
Laboratory of Computer Security Problems, St. Petersburg Institute for Informatics and Automation (SPIIRAS), 39, 14 Liniya, St. Petersburg, Russia
fedorchenko@comsec.spb.ru
- Igor Kotenko
Laboratory of Computer Security Problems, St. Petersburg Institute for Informatics and Automation (SPIIRAS), 39, 14 Liniya, St. Petersburg, Russia
ivkote@comsec.spb.ru
- Andrey Chechulin
Laboratory of Computer Security Problems, St. Petersburg Institute for Informatics and Automation (SPIIRAS), 39, 14 Liniya, St. Petersburg, Russia
chechulin@comsec.spb.ru
Keywords: security information repository, vulnerability and exploit databases, vulnerability analysis, network security evaluation.
Abstract
Security evaluation systems usually use various information sources to estimate computer network
security. One of the important tasks in these systems is the integration and storage of information from
various sources. The paper is devoted to the investigation and development of models and methods to
integrate open security databases into one repository. The model of integration proposed in the paper
helps to improve the accuracy of attack detection systems. As sources for security information,
different open databases of vulnerabilities, exploits, and dictionaries of products are used, and open
databases of weaknesses, attack patterns and configurations are planned to be used. The object of
research and development is the mechanisms intended to bind and combine heterogeneous security
information. We propose the structure of the integrated repository and the model of security information
integration, describe the repository implementation and analyze the results of experiments with
the repository.