Automated Classification of Attacker Privileges Based on Deep Neural Network

Abstract

Attack graphs generated from the detected vulnerabilities in a network depict all possible attack paths that an intruder can take. Conventional approaches to generating attack graphs require well-categorized data of prerequisites and postconditions for the identified vulnerabilities. However, generating them in an automated way is an open issue. Hence automatic classification methods are desirable to effectively generate attacker privilege fields as prerequisites and postconditions, improve the generation of the attack graph, and reduce the security risks of the system. In this paper, we propose a new automatic attacker privilege model (IG-DNN). The information gain (IG) is used for obtaining an optimal set of feature words from vulnerability description, and the deep neural network model is served as an automatic attacker privilege classifier. We use the National Vulnerability Database (NVD) to validate the effectiveness of the IG-DNN model. We observe that prerequisite and postcondition privileges can be generated with overall average F-measure of 99.53% and 98.90% with the IG-DNN models, respectively. Moreover, compared with Naïve Bayes, KNN, and SVM, the IG-DNN model has achieved the best performance in precision, recall, and F-measure.