Abstract
Network vulnerability discovery is generally performed with vulnerability scanning tools that identify possible threats or flaws in the network services, ports, devices, protocols, operating systems, and software connected to a network. Most existing tools produce a list of vulnerabilities in network-related services, which is then used in a later stage of the analysis such as risk assessment, penetration testing, or re-programming. However, automatically compiling the detected vulnerabilities into a risk assessment is crucial for timely risk mitigation and an optimized penetration test process. This paper proposes the design and implementation of a risk assessment tool called Auto-RAT, which delivers an automatic risk assessment from Nmap, a network enumeration tool that supports the penetration test process. To make Nmap usable for immediate risk analysis, Auto-RAT is designed to handle the Nmap process and its results and to compile them automatically into the risk assessment engine. We propose a set of algorithms that convert Nmap scan results into a risk assessment model in which the risk score is calculated using the Common Vulnerability Scoring System (CVSS). Finally, the system generates a final risk assessment score and possible risk mitigation strategies for the system evaluation. We run a simulation that compares the overlapping results of AutoRAT and a Nessus scan to demonstrate that AutoRAT can effectively reduce the set of vulnerabilities that will be tested in the penetration test process.
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Sethapanee, A., Nimitrchai, T., Fugkeaw, S. (2022). AutoRat: Automated Risk Assessment Tool for Network Mapper Scanning. In: Meesad, P., Sodsee, S., Jitsakul, W., Tangwannawit, S. (eds) Proceedings of the 18th International Conference on Computing and Information Technology (IC2IT 2022). IC2IT 2022. Lecture Notes in Networks and Systems, vol 453. Springer, Cham. https://doi.org/10.1007/978-3-030-99948-3_10
DOI: https://doi.org/10.1007/978-3-030-99948-3_10
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-99947-6
Online ISBN: 978-3-030-99948-3
eBook Packages: Intelligent Technologies and Robotics (R0)