Integrated Repository of Security Information for Network Security Evaluation

Security evaluation systems usually use various information sources to estimate computer network security. One of the important tasks in these systems is integration and storage of information from various sources. The paper is devoted to investigation and development of models and methods to integrate open security databases into one repository. The model of integration proposed in the paper helps to improve the accuracy of attack detection systems. As sources for security information, different open databases of vulnerabilities, exploits, and dictionaries of products are used, and open databases of weaknesses, attack patterns and configurations are planned to be used. The object of research and development is the mechanisms intended to bind and combine heterogeneous security information. We propose the structure of the integrated repository and the model of security information integration, describe the repository implementation and analyze the results of experiments with the repository.