Measuring Network Security Using Bayesian Network-Based Attack Graphs

Author

Frigault, Marcel ; Wang, Lingyu

Author_Institution

Concordia Inst. for Inf. Syst. Eng., Concordia Univ., Montreal, QC

fYear

2008

fDate

July 28 2008-Aug. 1 2008

Firstpage

698

Lastpage

703

Abstract

Given the increasing dependence of our societies on information systems, the overall security of these systems should be measured and improved. Existing work generally focuses on measuring individual vulnerabilities instead of measuring their combined effects. Recent research has explored the application of attack graphs and probabilistic security metrics to address this challenge. However, such work usually assumes metrics of individual vulnerabilities to be independently distributed and combines them in an arbitrary manner. They cannot address more realistic cases, such as exploiting one vulnerability makes another vulnerability easier to exploit. In this paper, we propose to model probability metrics based on attack graphs as a special Bayesian Network. This approach provides a sound theoretical foundation to such metrics. It can also provide the capabilities of using conditional probabilities to address the general cases of interdependency between vulnerabilities.

Keywords

belief networks; security of data; Bayesian network-based attack graphs; network security; probabilistic security metrics; Application software; Bayesian methods; Computer applications; Computer networks; Computer security; Information security; Information systems; Societies; Software measurement; Systems engineering and theory; Attack; Bayesian; Graph; Measuring; Network; Security;

fLanguage

English

Publisher

ieee

Conference_Titel

Computer Software and Applications, 2008. COMPSAC '08. 32nd Annual IEEE International

Conference_Location

Turku

ISSN

0730-3157

Print_ISBN

978-0-7695-3262-2

Electronic_ISBN

0730-3157

Type

conf

DOI

10.1109/COMPSAC.2008.88

Filename

4591650