A Novel Comprehensive Network Security Assessment Approach

Author

Wang, Chunlu ; Wang, Yancheng ; Dong, Yingfei ; Zhang, Tianle

Author_Institution

Beijing Univ. of Posts & Telecommun. (BUPT), Beijing, China

fYear

2011

fDate

5-9 June 2011

Firstpage

1

Lastpage

6

Abstract

Network security assessment is critical to the survivability and reliability of distributed systems. In this paper, we propose a novel assessment approach that supports automatic vulnerability assessment utilizing Bayesian attack graphs. We also integrate several major vulnerability database into a comprehensive database and build a customized vulnerability scanner to assist attack graph generation. Different from existing solutions that manually assign probabilities to a Bayesian attack graph, we design a set of quantitative metrics to automatically analyze vulnerability and evaluate the proposed approach with real-world examples. Our results show the promising capability of the proposed approach in further improving assessment quality.

Keywords

Bayes methods; computer network reliability; computer network security; graph theory; network theory (graphs); probability; Bayesian attack graphs; automatic attack graph generation; automatic vulnerability assessment; comprehensive network security assessment approach; correlated vulnerability database; distributed system reliability; vulnerability scanner; Bayesian methods; Complexity theory; Databases; IEEE Communications Society; Measurement; Peer to peer computing; Security;

fLanguage

English

Publisher

ieee

Conference_Titel

Communications (ICC), 2011 IEEE International Conference on

Conference_Location

Kyoto

ISSN

1550-3607

Print_ISBN

978-1-61284-232-5

Electronic_ISBN

1550-3607

Type

conf

DOI

10.1109/icc.2011.5963092

Filename

5963092