IAVS: Intelligent Active Network Vulnerability Scanner
Network security needs to be assured through runtime active evaluating and assessment. However, active vulnerability scanners suffer from serious deficiencies such as heavy scan traffic during the reconnaissance phase, uncertainty in the environment, and heavy reliance on experts. Generating a blind heavy load of attack packets not only causes usage of network resources, but it also increases the probability of detection by target defense systems and causes failure in finding vulnerabilities. Furthermore, environmental uncertainty increases pointless attempts of vulnerability scanners, which wastes time. Utilizing a decision-making method devised for uncertainty conditions, we present Intelligent Active Network Vulnerability Scanner (IAVS). IAVS is implemented as an extension on Hail Mary, the automatic execution mechanism in the Metasploit toolkit. IAVS learns from previous vulnerability exploitation attempts to select exploit codes purposefully. IAVS not only reduces the role of experts in the process of vulnerability testing, but it also decreases the volume of scanning requests during the reconnaissance phase by integrating the reconnaissance and exploitation phases. Our experimental results indicate a successful decrease in failed attempts. It is also demonstrated that improvements in the results of IAVS correspond directly to the rate of similarity among different vulnerabilities in systems of the target network; that is, the higher the similarity, the better the results of IAVS. Our experiments compared the results of IAVS and those of Hail Mary without the IAVS extension; these results show that IAVS improved Hail Marys successful attempts by around 37%.