Title :
An attack graph based metric for security evaluation of computer networks
Author :
Keramati, Mahsa ; Akbari, A.
Author_Institution :
Comput. Eng. Dept., IUST, Tehran, Iran
Abstract :
Computer networks now face multi-step attacks, in which an intruder exploits multiple vulnerabilities in a specific manner to attack his victim. To assess network security, it is therefore essential to understand which vulnerabilities the attacker must exploit, and how, to reach his goal. Such information can be obtained by modeling the network with an attack graph. Current approaches to security assessment lack a quantitative nature, whereas accurate decision making about improving the security of the network requires measuring the security risk of possible attacks in the network quantitatively. This paper proposes an attack graph based security metric that can measure the security risk of possible attacks in the network quantitatively. This metric can compute risk degradation options in terms of maximizing security and minimizing cost. Our security metric can be used to calculate total network security quantitatively and to perform cost-benefit tradeoffs in network hardening systems. The result of using the proposed metric with one network hardening framework on one well-known example is shown in this paper.
Keywords :
computer networks; cost-benefit analysis; graph theory; security of data; attack graph based security metric; computer networks; cost-benefit tradeoff; decision making; network hardening systems; network security evaluation; risk degradation; security assessment; security risk; Availability; Complexity theory; Computational modeling; Computer networks; Measurement; Probability; Security; Compact attack graph; Network hardening; Quantitative metric; Risk; Security metric;
Conference_Title :
Telecommunications (IST), 2012 Sixth International Symposium on
Conference_Location :
Tehran
Print_ISBN :
978-1-4673-2072-6
DOI :
10.1109/ISTEL.2012.6483149