Title :
Two Stochastic Models for Security Evaluation Based on Attack Graph
Author :
Zhang, Yinqian ; Fan, Xun ; Xue, Zhi ; Xu, Hao
Author_Institution :
Sch. of Inf. Security Eng., Shanghai Jiao Tong Univ., Shanghai
Abstract :
Multiple-prerequisite graph (MP graph) is a type of attack graph that has been developed to help defending large scale enterprise network. As a middle-level attack graph, it has its unique advantages. However, quantitative security evaluations based on MP graph has not been proposed yet. In this paper, we present two stochastic models for quantitative security evaluation using MP graphs. These models are constructed based on the use of Markov Decision Process to model the attackerpsilas behaviors. The network administrators can use these two models respectively to evaluate security metrics at network designing stage and network defending stage.
Keywords :
Markov processes; decision theory; graph theory; security of data; Markov decision process; large scale enterprise network; middle-level attack graph; multiple prerequisite attack graph; security evaluation; stochastic model; Computer networks; Computer security; Forward contracts; Game theory; Humans; Information security; Interference; Large-scale systems; Power generation; Stochastic processes; Markov decision process; Stochastic model; attack graph; security evaluation;
Conference_Titel :
Young Computer Scientists, 2008. ICYCS 2008. The 9th International Conference for
Conference_Location :
Hunan
Print_ISBN :
978-0-7695-3398-8
Electronic_ISBN :
978-0-7695-3398-8
DOI :
10.1109/ICYCS.2008.406
