An Approach for Security Assessment of Network Configurations Using Attack Graph

Author

Ghosh, Nirnay ; Ghosh, S.K.

Author_Institution

Sch. of Inf. Technol., Indian Inst. of Technol., Kharagpur, India

fYear

2009

fDate

27-29 Dec. 2009

Firstpage

283

Lastpage

288

Abstract

With increasing network security threats, the network vulnerability must consider exploits in the context of multistage, multi-host attack scenarios. The general approach to this problem is to construct an attack graph for a given network configuration. An attack graph consists of a number of attack paths which are essentially series of exploits which an attacker employs to reach the destination. Each attack path depicts an attack scenario. As the number of attack scenarios increases, the overall security of the network reduces. Thus there is need for quantification of security level of a given network. In this paper, two security metrics, namely probabilistic security metric and attack resistance metric, have been employed to evaluate the relative security levels of various network configurations. A case study has been presented to demonstrate the applicability of the proposed approach.

Keywords

computer network security; attack graph; attack resistance metric; network security assessment; network security threats; probabilistic security metric; Bayesian methods; Computer security; Electrical resistance measurement; HTML; Information security; Information technology; Particle measurements; Retina; Attack Graph; Network Security; Security Metric;

fLanguage

English

Publisher

ieee

Conference_Titel

Networks and Communications, 2009. NETCOM '09. First International Conference on

Conference_Location

Chennai

Print_ISBN

978-1-4244-5364-1

Electronic_ISBN

978-0-7695-3924-9

Type

conf

DOI

10.1109/NetCoM.2009.83

Filename

5383993