Title :
Measuring Network Security Using Bayesian Network-Based Attack Graphs
Author :
Frigault, Marcel ; Wang, Lingyu
Author_Institution :
Concordia Inst. for Inf. Syst. Eng., Concordia Univ., Montreal, QC
fDate :
July 28 2008-Aug. 1 2008
Abstract :
Given the increasing dependence of our societies on information systems, the overall security of these systems should be measured and improved. Existing work generally focuses on measuring individual vulnerabilities instead of measuring their combined effects. Recent research has explored the application of attack graphs and probabilistic security metrics to address this challenge. However, such work usually assumes metrics of individual vulnerabilities to be independently distributed and combines them in an arbitrary manner. They cannot address more realistic cases, such as exploiting one vulnerability makes another vulnerability easier to exploit. In this paper, we propose to model probability metrics based on attack graphs as a special Bayesian Network. This approach provides a sound theoretical foundation to such metrics. It can also provide the capabilities of using conditional probabilities to address the general cases of interdependency between vulnerabilities.
Keywords :
belief networks; security of data; Bayesian network-based attack graphs; network security; probabilistic security metrics; Application software; Bayesian methods; Computer applications; Computer networks; Computer security; Information security; Information systems; Societies; Software measurement; Systems engineering and theory; Attack; Bayesian; Graph; Measuring; Network; Security;
Conference_Titel :
Computer Software and Applications, 2008. COMPSAC '08. 32nd Annual IEEE International
Conference_Location :
Turku
Print_ISBN :
978-0-7695-3262-2
Electronic_ISBN :
0730-3157
DOI :
10.1109/COMPSAC.2008.88
