0% found this document useful (0 votes)

5 views4 pages

Analysis of Computer System Vulnerability

The paper discusses the increasing complexity of computer systems and their inherent vulnerabilities, which are exploited by hackers, posing significant security threats. It defines computer system vulnerability, categorizes it into three types, and outlines the causes and potential harms associated with these vulnerabilities. The authors emphasize the importance of conducting vulnerability assessments to enhance computer system security and propose various assessment methods.

Uploaded by

hendrichandra1979hc

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

5 views4 pages

Analysis of Computer System Vulnerability

Uploaded by

hendrichandra1979hc

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 4

Available online [Link].

com

Journal of Chemical and Pharmaceutical Research, 2014, 6(7):903-906

ISSN : 0975-7384
Research Article CODEN(USA) : JCPRC5

Analysis of computer system vulnerability

Gao Xin1 and Xiaoyu Zhao2

1
Yellow River Conservancy Technical Institute, China
2
Zhengzhou Vocational College of Economics and Trade, China
_____________________________________________________________________________________________

ABSTRACT

With the gradual development of science and technology, computer systems become more and more complicated.
Meanwhile, computer system security is not well guaranteed. A number of lawbreakers take advantage of computer
system vulnerability, which is a threat to computer system security. Computer system security cannot be
strengthened unless assessments and researches on computer system vulnerability are carried out. This paper aims
to cover the definition of computer system vulnerability and explain the causes of the problem. At last, this paper
will conclude several methods of doing computer system vulnerability assessment.

Key words: Computer system, vulnerability, assessment

_____________________________________________________________________________________________

INTRODUCTION

With the rapid development of science and technology, China’s degree of information improves correspondingly and
computer systems become more complicated. However, the speed of updating computer systems is so fast that
designers don’t realize the flaws in their designs. Some lawbreakers take advantage of these flaws, avoid security
strategies and destroy computer systems. The degree of defect is called computer system vulnerability. Computer
system vulnerability is the intrinsic property of each computer system. In other words, there is no computer system
without vulnerability. With the wide spread of computer science and technology, hacker technology develops as well.
Many hackers make use of the flaws of computer systems, attack on these flaws and paralyze the whole network.

The emergence and development of computer network makes originally independent host computers related to each
other, which boosts the efficiency of computer systems. When people enjoy the benefits of convenient Internet
services, they also need to face various threats from Internet. More and more hackers design computer virus and
attack computer systems. Security events emerged in the period of host computer terminal. At that time, hacker used
computer virus to attack an independent host computer. After the emergence of Internet, computer virus can be
transmitted through several ways. Based on Internet, hackers invented many ways of attacking computer systems.
More attacking targets and more attacking methods make people pay more attention to computer system security.
Chart I is about China’s Internet computers and security events.

903
Gao Xin and Xiaoyu Zhao J. Chem. Pharm. Res., 2014, 6(7):903-906
_____________________________________________________________________________

CHART I China’s Internet Computer and Security Events Data Statistics

According to the data given by China’s Internet Network Information Center (CNNIC), the number of computers is
increasing rapidly in China, and the number of security events is increasing as well, whose increasing rate is higher
than that of computers. The statistics show that computer system security is being threatened by various computer
viruses in the Internet era. There are mainly two reasons for more and more Internet security events. One reason is
that Internet is applied to more fields, and the other reason is that hackers improve their attacking methods.
Fundamentally, the main cause of increasing Internet security events is computer system vulnerability. 95% China’s
security events lie in computer system vulnerability. Hackers make use of the flaws computer systems, enter the
inner system, destroy the system and paralyze the whole network. So it is of great important to carry out an
assessment of computer system vulnerability.

Computer system vulnerability originated in Internet security events. The field emerges relatively early, but it is still
a hot research field. However, the computer system vulnerability assessment is still in the initial stage, and it is
mainly used to sum up the experience of the actual use of computer systems and use the collected experience to
assess other computer systems. This process depends on the process of extracting information and matching
information. The research focus is about how to induce more accurate information sources. This kind of computer
system vulnerability assessment is the most popular one. The relatively mature network security scanning method is
the typical application of the assessments. Based on this kind of computer system vulnerability assessment, some
experts start to employ fault tree, Petri nets, finite-state machine and other theories to carry out computer system
vulnerability assessment, trying working out a more comprehensive assessment method.

2 INTRODUCTION OF COMPUTER SYSTEM VULNERABILITY

2.1 The definition and classification of computer system vulnerability
Computer system vulnerability can be regarded as the security loophole of computer network, and it is in the aspect
of unexpected use. The complexity makes it difficult for designers to take all aspects of the computer systems into
consideration. Therefore, hackers take advantage of the flaws, enter the inner system and do damage to the system.
Computer system vulnerability mainly lies in the process of designing and achieving hardware, software and
agreements. As the inherent property, these flaws can be used by hackers to destroy the system in an authorized way.

Computer system vulnerability can be classified into three types: entity vulnerability, software vulnerability and
Internet communication vulnerability. Entity vulnerability is mainly caused by the lack of integrity and entirety in
the design of computer hardware. Entity vulnerability can do harm to CPU and paralyze the system. The head failure
of hardware can result in read-write failure and the paralysis of the whole computer system. External factors like
electromagnetic pulse, high temperature and strong magnetic field, can also damage the computer hardware heavily.
Software vulnerability is the most common one, because software vulnerability is tightly related to computer system.
Hackers usually enter software by inserting virus into certain program, calling functions and programs and getting
powers. The functions of computer software are made up of different links. The design and programming, even
application is quite different from each other in terms of ideology level. A mistake of certain algorithm or
programming can make illegal module invade legal program, which shows that one reason of software vulnerability
is the integrity of executable files. Internet communication vulnerability is highly connected with software
vulnerability. Computer network can achieve hardware sharing, software sharing, data sharing and sharing of
controlling information, but there are some problems and loopholes in recognizing users’ identities. Advanced
Internet communication circuits are telephone line, microwave circuit, special line, etc. These circuits can be easily
influenced by electronic interference, and the transmitting information can be gotten easily as well. The interface
between networks also has flaws. All these flaws become the breakthrough point of illegal intrusion and offer

904
Gao Xin and Xiaoyu Zhao J. Chem. Pharm. Res., 2014, 6(7):903-906
_____________________________________________________________________________
hackers ways of entering systems.

2.2 Causes and harms of computer system vulnerability

The reason for the existence of computer system vulnerability is that programmers do not fully understand the inner
programs. In the process of designing and programming, programmers don’t take every aspects of computer systems
into consideration, which causes computer system vulnerability. Some programmers program in an incorrect and
unsafe way, which worsen computer system vulnerability. Influenced by occupation habits, programmers usually
assume that their programs can be operated in any situation. Thus, programmers may easily ignore the operating
situation, applicable objects and external factors when they are constructing computer system. It can be concluded
that in order to maintaining the normal operation, programmers need to consider the stability of the system and all
the factors above. In addition, users’ incorrect use will also bring about potential danger to computer system and
result in computer system vulnerability.

The harm of computer system vulnerability can be shown in several aspects, for instance, disclosure of confidential
information, wide spread of Internet virus and hacker intrusion, which can do great harm to individual users and
enterprises by cause numerous economic loss. With the gradual improvement of the degree of information, more
severe computer system vulnerability can be a threat to national security in the aspects of politics, economy and
military. Essentially, computer system vulnerability can harm five kinds of system securities, which are reliability,
confidentiality, entirety, usability and undeniableness. Reliability refers to reducing incorrect false alarm in the
operation of computer system and improves the efficiency of computer system. Confidentiality means protecting
users’ information from disclosure and getting by unauthorized third party. Entirety requires that programs or
information should not be tampered, forged, inserted and deleted purposely in the process of storing, communication
and operation. In other words, programs or information cannot be destroyed or lost. Usability means guaranteeing
that users can enjoy the services offered by computer and information network. Even some program is damaged; the
system can also provide users with effective functions. Undeniableness is about the users of computer system, and it
refers to guaranteeing information actors to be responsible for their behavior.

3 ANALYSIS OF COMPUTER SYSTEM VULNERABILITY ASSESSMENT

3.1 Significance of computer system vulnerability assessment
Programmers carry out computer system vulnerability assessment by obtaining relative information, checking up the
information and analyzing whether a single network or network service is normal or not. Computer system
vulnerability assessment assumes the computer system being attacked, quantifies the attacks and checks whether the
system have strong risk response to the attacks. If computer system vulnerability outweighs the risks, the normal
operation will be disturbed and threatened. With the rapid development of computer science and technology, many
computer attacks and network security events occurred. These attacks and security events take place mainly because
of the security vulnerability of computer system itself, and the vulnerability become the breakthrough point of
hackers’ or computer virus’ intrusion. Strengthening computer system vulnerability assessment can improve the
stability and security of computer systems, decrease computer system vulnerability and reduce the occurrence of
computer attacks and network security events.

3.2 Corporative computer system vulnerability assessment

Corporative computer system vulnerability assessment method firstly assumes that the third party’s visit to the
computer system is legal, and allows it to looking through information and using resources. The information gotten
by the third party is legal resources and is gotten through standardized system check. It should guarantee that every
check is done by different assessment programs. The managers of computer systems can pass the check, undertake
assessment, divide the task into different parts and put them on different platform. Then programmers use
corporative computer system vulnerability assessment method to conduct high density examination. In this way can
programmers find the flaws and loopholes of the computer system, check out abnormal data, files and the trail left
by hackers. In a word, corporative computer system vulnerability assessment method is very reliable.

3.3 Non-corporative computer system vulnerability assessment

Non-corporative computer system vulnerability assessment method is used when computer systems find the intruder.
Then computer systems keep full record of intruder’s actions and detect its Internet behavior, assessing the
vulnerability of Internet service systems. In order to execute non-corporative computer system vulnerability
assessment, the intruding program should pass the state test and check out whether the computer system has system
vulnerability by employing technologies like version information, agreement coordination, port state, etc.
Non-corporative computer system vulnerability assessment usually be done on a separate platform. Programmers
use a single analyzer to support the entrances of several operating platforms. Chart II is the comparison between
corporative computer system vulnerability assessment and non-corporative computer system vulnerability
assessment.

905
Gao Xin and Xiaoyu Zhao J. Chem. Pharm. Res., 2014, 6(7):903-906
_____________________________________________________________________________
Comparison of vulnerability analysis of computer
Method of The executive Access to information Access to information There may be
Reliability
characteristics body source condition platform
The cooperative analysis Administrator The detection information Assume legal detection Multiple Very reliable
Analysis of non Attack and return The relatively
Hacker If the illegal invasion one
cooperative information reliable

Chart II Comparison of Vulnerability Analysis of Computer

According to Chart II, it can be concluded that non-corporative computer system vulnerability assessment is more
convenient, while the more complex corporative computer system vulnerability assessment is more reliable.

3.4 Computer system vulnerability assessment method based on rules and models
The assessment of computer vulnerability mainly check out whether computer systems are infiltrated and discover
new permeability changes and change sequences. The former one should be done by using general matching rule,
and the later one should be done by making model analysis. The relatively mature network security scanning method
is the typical application of the computer system vulnerability assessment. It is also an assessment method based on
rules and models. It mainly uses rules and divides rules into three aspects, finding flaws, getting information,
detecting flaws. Comparison of detection method of operating system is shown in Chart III.

Comparison of detection method of operating system

Using the TCP/IP protocol Active feature
Method Advantage Shortcomings
information detection
Response analysis of Firewall blocking UDP or ICMP protocol is not
High accuracy
ICMP reliable
Response analysis of Three port, high In the case of firewall can only open a port, can not
TCP segment accuracy guarantee the accuracy
Analysis of TCP segment
Only one port Slow speed
delay
Not easy to be
Passive detection Analysis of the data is more complex
found
Simple, fast, Sometimes easily information deception, even
Using the system and service of Banner
efficient unable to obtain information

Chart III Comparison of Detection Methods of Operating System

Since network security scanning method is based on rules, it can only make vulnerability assessment of a single host
computer. So the vulnerability assessment of the whole computer network should be carried out by using technology
based on models.

CONCLUSION

Computer systems play a very important role in social life. It is also the necessary infrastructure that promotes
economic development. However, because of some internal and external factors, computer systems have inherent
vulnerability. Therefore, more effective computer system vulnerability methods should be applied. In this way can
computer system security be improved?

REFRENCES

[1] Xing Xujia; Lin Chuang; Jiang Yixin. A Survey of Computer Vulnerability Assessment [J]. Chinese Journal Of
Computers, 2004(01):01-11.
[2] Liu Li. A Survey of Computer Vulnerability Assessment [J]. Digital Technology and Application, 2013(10):51.
[3] Huang Bo. On the vulnerability of computer systems and Hacking protection[J]. Network Security Technology &
Application, 2011(09):14-15.
[4] Long Teng. On the vulnerability of computer systems and Hacking protection [J]. Computer CD Software and
Applications, 2013(07):130-131.
[5] Zhou Haifeng. Assessment of computer system security vulnerability [J]. Science & Technology Information,
2012(11):27.
[6] Xu Xin; Yang Lanqin. Analysis of Computer System Stability and Vulnerability Assessment [J]. Coal Technology,
2013(04):148-149.
[7] Liu Bin. Assessment of computer system vulnerability [J]. Silicon Valley, 2013(23):118-120.
[8] Yang Errui, Zhu Hongwei. Analysis of Computer System Stability and Vulnerability Assessment [J]. Silicon
Valley, 2013(07):151-152.

906

Computer Network Security Vulnerabilities Analysis
No ratings yet
Computer Network Security Vulnerabilities Analysis
7 pages
Cybersecurity Vulnerabilities Guide
No ratings yet
Cybersecurity Vulnerabilities Guide
24 pages
FALLSEM2021-22 CSE3501 ETH VL2021220101428 Reference Material I 04-10-2021 Mod 2 System Security-1 Jey
No ratings yet
FALLSEM2021-22 CSE3501 ETH VL2021220101428 Reference Material I 04-10-2021 Mod 2 System Security-1 Jey
50 pages
Network Computer Security Hidden Dangers and Vulnerability Mining Technology
No ratings yet
Network Computer Security Hidden Dangers and Vulnerability Mining Technology
9 pages
Unit 2 CSCL
No ratings yet
Unit 2 CSCL
33 pages
Research On The Main Threat and Prevention Technology of Computer Network Security
No ratings yet
Research On The Main Threat and Prevention Technology of Computer Network Security
8 pages
Analysis of Computer Network Information Security and Protection
No ratings yet
Analysis of Computer Network Information Security and Protection
4 pages
Cybersecurity Vulnerabilities Guide
No ratings yet
Cybersecurity Vulnerabilities Guide
50 pages
Is Question N Answer
100% (9)
Is Question N Answer
83 pages
Cybersecurity Thesis (Computer Science)
No ratings yet
Cybersecurity Thesis (Computer Science)
42 pages
Unit 1 (CSS)
No ratings yet
Unit 1 (CSS)
10 pages
UMUC Module2 Paper-Darinswan Cybersecurity Vulnerabilities Facing IT Managers Today
No ratings yet
UMUC Module2 Paper-Darinswan Cybersecurity Vulnerabilities Facing IT Managers Today
21 pages
IT Security: Threat (Computer)
No ratings yet
IT Security: Threat (Computer)
5 pages
Computer Systems Hardware Software Electronic Data Disruption Misdirection
No ratings yet
Computer Systems Hardware Software Electronic Data Disruption Misdirection
3 pages
Comprehensive Guide to Cybersecurity
No ratings yet
Comprehensive Guide to Cybersecurity
3 pages
Cybersecurity Fundamentals Guide
No ratings yet
Cybersecurity Fundamentals Guide
19 pages
Subject Cybersecurity Cherif Diallo
No ratings yet
Subject Cybersecurity Cherif Diallo
5 pages
Cybersecurity at Saint Mary Hospital
No ratings yet
Cybersecurity at Saint Mary Hospital
18 pages
Computer Network Engineering Security Problems and
No ratings yet
Computer Network Engineering Security Problems and
5 pages
Unit 2 CSCL
No ratings yet
Unit 2 CSCL
33 pages
Rani 2015
No ratings yet
Rani 2015
4 pages
Unit - II Cyber Security
No ratings yet
Unit - II Cyber Security
40 pages
CS361 Lec1
No ratings yet
CS361 Lec1
41 pages
Cyber Security Threats On The Internet and Possible Solutions
No ratings yet
Cyber Security Threats On The Internet and Possible Solutions
6 pages
Security Vulnerability Testing Guide
No ratings yet
Security Vulnerability Testing Guide
40 pages
1 s2.0 S0022000014000178 Main
No ratings yet
1 s2.0 S0022000014000178 Main
21 pages
ICSFull Article
No ratings yet
ICSFull Article
5 pages
Cyber Security
No ratings yet
Cyber Security
26 pages
Systematic Mapping of Cybersecurity Vulnerabilities
No ratings yet
Systematic Mapping of Cybersecurity Vulnerabilities
15 pages
Ijcet: International Journal of Computer Engineering & Technology (Ijcet)
No ratings yet
Ijcet: International Journal of Computer Engineering & Technology (Ijcet)
11 pages
Information Security & Cyber Laws
No ratings yet
Information Security & Cyber Laws
5 pages
Types and Principles of Computer Security
No ratings yet
Types and Principles of Computer Security
23 pages
Ethical Hacking & Cyber Vulnerabilities
No ratings yet
Ethical Hacking & Cyber Vulnerabilities
10 pages
Computer Security Assignment 2.final
No ratings yet
Computer Security Assignment 2.final
17 pages
Network Security Status Analysis Guide
No ratings yet
Network Security Status Analysis Guide
10 pages
NS - 02 Vulnerabilities
No ratings yet
NS - 02 Vulnerabilities
30 pages
Computer Vulnerability Analysis Thesis Proposal 1va9deoztg
No ratings yet
Computer Vulnerability Analysis Thesis Proposal 1va9deoztg
25 pages
An Empirical Study On Cyber Security Threats and Attacks: R. Sri Devi
No ratings yet
An Empirical Study On Cyber Security Threats and Attacks: R. Sri Devi
6 pages
Cyber-Vulnerability of Power Grid
No ratings yet
Cyber-Vulnerability of Power Grid
3 pages
University of Benghazi Faculty of Information Technology E-Commerce and E-Marketing (IS475)
No ratings yet
University of Benghazi Faculty of Information Technology E-Commerce and E-Marketing (IS475)
11 pages
Lesson 1 - 2 Introduction To Computer Security
No ratings yet
Lesson 1 - 2 Introduction To Computer Security
22 pages
Introduction To Cyber Security: Important Part of Any Organization
No ratings yet
Introduction To Cyber Security: Important Part of Any Organization
8 pages
A Study On Cyber Security - Analyzing Current Threats, Navigating Complexities, and Implementing Prevention Strategies
No ratings yet
A Study On Cyber Security - Analyzing Current Threats, Navigating Complexities, and Implementing Prevention Strategies
16 pages
Vol 13 No 4 34
No ratings yet
Vol 13 No 4 34
9 pages
Vulnerability Assessments in Ethical Hacking
No ratings yet
Vulnerability Assessments in Ethical Hacking
5 pages
Computer Security & Vulnerabilities
No ratings yet
Computer Security & Vulnerabilities
23 pages
System Hacking Fundamentals
No ratings yet
System Hacking Fundamentals
15 pages
Valnurabiloity Assessment
No ratings yet
Valnurabiloity Assessment
5 pages
Computer Security Threats Guide
No ratings yet
Computer Security Threats Guide
28 pages
Cyber Vulnerability
No ratings yet
Cyber Vulnerability
6 pages
NS Lec 2
No ratings yet
NS Lec 2
28 pages
Information Security Diagrams
No ratings yet
Information Security Diagrams
48 pages
Securing Information Systems
No ratings yet
Securing Information Systems
52 pages
Paper 16
No ratings yet
Paper 16
13 pages
Cyber Security Training
No ratings yet
Cyber Security Training
13 pages
Security in Ad Hoc Network
No ratings yet
Security in Ad Hoc Network
8 pages
01 - New Technology of WWI Chart
No ratings yet
01 - New Technology of WWI Chart
2 pages
Flange Leakage Check
No ratings yet
Flange Leakage Check
7 pages
Incentive Plan Counselor July 2025
No ratings yet
Incentive Plan Counselor July 2025
3 pages
M2C4 12 Ichimaru
No ratings yet
M2C4 12 Ichimaru
7 pages
Estimation & Costing Introduction
No ratings yet
Estimation & Costing Introduction
71 pages
Capstone Project 2 Enhanced Security Authentication System
No ratings yet
Capstone Project 2 Enhanced Security Authentication System
39 pages
O Level Accounting Topical Past Paper Book 1
No ratings yet
O Level Accounting Topical Past Paper Book 1
407 pages
Black Friday Marketing Checklist
No ratings yet
Black Friday Marketing Checklist
3 pages
Chery A1 Operating Instruction Manual
No ratings yet
Chery A1 Operating Instruction Manual
176 pages
Mind Management Guide by Swami Mukundananda
No ratings yet
Mind Management Guide by Swami Mukundananda
2 pages
SAMAN Centrifugal Compressor Eng.
No ratings yet
SAMAN Centrifugal Compressor Eng.
5 pages
Instant Ebooks Textbook The Canadian Economy 3rd Edition A. E. Safarian Download All Chapters
100% (22)
Instant Ebooks Textbook The Canadian Economy 3rd Edition A. E. Safarian Download All Chapters
75 pages
HRM vs. HRD and SHRM Overview
No ratings yet
HRM vs. HRD and SHRM Overview
17 pages
Emperor Penguin: Pattern
No ratings yet
Emperor Penguin: Pattern
4 pages
GAS TURBINE WORKSHOP Flyer
No ratings yet
GAS TURBINE WORKSHOP Flyer
2 pages
Questioning Ninetheenth-Century Assumptions About Knowledge - II
No ratings yet
Questioning Ninetheenth-Century Assumptions About Knowledge - II
220 pages
NedapBrochure EAS ID - UK
No ratings yet
NedapBrochure EAS ID - UK
16 pages
Revision Questions L1 Banking Operations and Techniques
No ratings yet
Revision Questions L1 Banking Operations and Techniques
9 pages
Acceptable Usage of IIFL Assets Data and Info - IIFL Finance - Ver0.2
No ratings yet
Acceptable Usage of IIFL Assets Data and Info - IIFL Finance - Ver0.2
3 pages
02 Design and Performance Data-1
No ratings yet
02 Design and Performance Data-1
34 pages
CBL #2
No ratings yet
CBL #2
2 pages
SPIRDANE D 40 Safety Data Sheet
No ratings yet
SPIRDANE D 40 Safety Data Sheet
14 pages
Sales & Distribution Blueprint
100% (4)
Sales & Distribution Blueprint
29 pages
A Traveler's Guide To The City-Site of Reddit (1.0)
100% (1)
A Traveler's Guide To The City-Site of Reddit (1.0)
151 pages
Gifted and Talented Tutorial
No ratings yet
Gifted and Talented Tutorial
20 pages
FM Stats Converter
100% (1)
FM Stats Converter
4 pages
School Directory: Ujjain
No ratings yet
School Directory: Ujjain
202 pages
s70511 29
No ratings yet
s70511 29
8 pages
FIELD STUDY 1 E6 Preparing For Teaching and Learning
No ratings yet
FIELD STUDY 1 E6 Preparing For Teaching and Learning
10 pages
Safe Use Guidelines for Lorry Cranes
No ratings yet
Safe Use Guidelines for Lorry Cranes
38 pages