A Network Security Analysis Method Using Vulnerability Correlation

Author

Li, Zhi-Yong ; Xie, Chao-Hai ; Tao, Ran ; Zhang, Hao ; Shi, Na

Author_Institution

Sch. of Inf. Sci. & Technol., Beijing Inst. of Technol., Beijing, China

Volume

1

fYear

2009

fDate

14-16 Aug. 2009

Firstpage

17

Lastpage

21

Abstract

Recently in-depth analysis of network security vulnerability must consider attacker exploits not just in isolation, but also in combination. The general approach to this problem is to compute attack graphs using a variety of graph-based algorithms. However, such methods generally suffer the exponential state space problem. Therefore, this paper brings forward two conceptions of vulnerability correlation matrix and vulnerability correlation graph (VCG). An algorithm based on vulnerability correlation matrix was proposed to generate VCGs. An example was given to illustrate the application and effect of the algorithm in network security analysis. Deep analysis proves that VCGs have polynomial complexity of the number of network vulnerabilities and scale well for large networks. Moreover, the example shows that VCGs are a good help to and convenient for network security management.

Keywords

computational complexity; graph theory; security of data; attack graphs computation; exponential state space problem; network security analysis; polynomial complexity; vulnerability correlation graph; vulnerability correlation matrix; Chaos; Computer networks; Information analysis; Information security; Isolation technology; Network topology; Permission; Radio access networks; State-space methods; Tree graphs; attack graph; network security; vulnerability correlation; vulnerability correlation graph;

fLanguage

English

Publisher

ieee

Conference_Titel

Natural Computation, 2009. ICNC '09. Fifth International Conference on

Conference_Location

Tianjin

Print_ISBN

978-0-7695-3736-8

Type

conf

DOI

10.1109/ICNC.2009.368

Filename

5363697