Title :
An Approach for Security Assessment of Network Configurations Using Attack Graph
Author :
Ghosh, Nirnay ; Ghosh, S.K.
Author_Institution :
Sch. of Inf. Technol., Indian Inst. of Technol., Kharagpur, India
Abstract :
With increasing network security threats, the network vulnerability must consider exploits in the context of multistage, multi-host attack scenarios. The general approach to this problem is to construct an attack graph for a given network configuration. An attack graph consists of a number of attack paths, which are essentially series of exploits that an attacker employs to reach the destination. Each attack path depicts an attack scenario. As the number of attack scenarios increases, the overall security of the network reduces. Thus there is a need for quantification of the security level of a given network. In this paper, two security metrics, namely probabilistic security metric and attack resistance metric, have been employed to evaluate the relative security levels of various network configurations. A case study has been presented to demonstrate the applicability of the proposed approach.
Keywords :
computer network security; attack graph; attack resistance metric; network security assessment; network security threats; probabilistic security metric; Bayesian methods; Computer security; Electrical resistance measurement; HTML; Information security; Information technology; Particle measurements; Retina; Attack Graph; Network Security; Security Metric;
Conference_Title :
Networks and Communications, 2009. NETCOM '09. First International Conference on
Conference_Location :
Chennai
Print_ISBN :
978-1-4244-5364-1
Electronic_ISBN :
978-0-7695-3924-9
DOI :
10.1109/NetCoM.2009.83