Title :
Using attack graphs and intrusion evidences to extrapolate network security state
Author :
Zhang, Shaojun ; Li, Lan ; Li, Jianhua ; Song, Shanshan ; Chen, Xiuzhen
Author_Institution :
Sch. of Inf. Security Eng., Shanghai Jiaotong Univ., Shanghai, China
Abstract :
Network attack graphs are originally used to evaluate what the worst security state will be if a network is under attack. Along with observed intrusion evidences, we can further use attack graphs to extrapolate the current security state of a concerned network. Methods have been proposed in recent years to use observed intrusion evidences to compute the node belief metric of network attack graphs. However, these methods suffer either from low model generality, high computational complexity or immoderate dependence on empirical formulas. To overcome these obstacles, we improve one of the Bayesian network inference algorithms - the likelihood weighting algorithm into a novel node belief metric computation method. Experiment results show our method can achieve high computational accuracy in linear computational complexity, a feature making it feasible to be used to process large scale network attack graphs in real-time.
Keywords :
belief networks; computational complexity; inference mechanisms; security of data; telecommunication security; Bayesian network inference algorithms; intrusion evidences; likelihood weighting algorithm into; linear computational complexity; network attack graphs; network security; node belief metric; Bayesian methods; Computational complexity; Computer networks; Inference algorithms; Information management; Information security; Intrusion detection; Laboratories; Large-scale systems; Monitoring; Bayesian inference; attack graph; intrusion evidence; network security;
Conference_Titel :
Communications and Networking in China, 2009. ChinaCOM 2009. Fourth International Conference on
Conference_Location :
Xian
Print_ISBN :
978-1-4244-4337-6
Electronic_ISBN :
978-1-4244-4337-6
DOI :
10.1109/CHINACOM.2009.5339841
