Title :
An attack graph based network security evaluation model for hierarchical network
Author :
Ge, Haihui ; Gu, Lize ; Yang, Yixian ; Liu, Kewei
Author_Institution :
Key Lab. of Network & Inf. Attack & Defence Technol. of MOE, Beijing Univ. of Posts & Telecommun., Beijing, China
Abstract :
To evaluate the security situation of hierarchical network, a novel evaluation algorithm based on the method of constructing a security risk function is proposed. The proposed algorithm is the aggregation of qualitative evaluation and quantitative evaluation. We quantify the asset loss (AL) and the threat value of each attack step (TVA) basing on attack graph, and adjust the loss of assets that are of the same type and have different uses with coefficient of asset importance (CAI). Then, we construct a risk evaluation function which is based on the above three parameters. Thus, the assessment score gotten through the evaluation function can comprehensively reflect the risk value including loss, threat of an attack step, and importance of the suffering entity. Finally, we get the risk value by fusing all subnets´ risk value in one area, and divide the risk value into 4 security levels. Seen from the case study, the model solves the security evaluation problem for hierarchical network simply and efficiently.
Keywords :
computer network security; graph theory; asset importance coefficient; asset loss; attack graph; hierarchical network; network security evaluation model; risk evaluation function; risk value; security risk function; threat value; Algorithm design and analysis; Computer aided instruction; Mathematical model; Servers; Software; Trojan horses; Network security evaluation; attack graph; entertainment network security;
Conference_Titel :
Information Theory and Information Security (ICITIS), 2010 IEEE International Conference on
Conference_Location :
Beijing
Print_ISBN :
978-1-4244-6942-0
DOI :
10.1109/ICITIS.2010.5688764
