Title :
Applying Attack Graphs to Network Security Metric
Author :
Xie, Anming ; Wen, Weiping ; Zhang, Li ; Hu, Jianbin ; Chen, Zhong
Author_Institution :
Sch. of Electron. Eng. & Comput. Sci., Peking Univ., Beijing, China
Abstract :
Since attack graphs provide practical attack context and relationships among vulnerabilities, researchers have been trying to evaluate network security based on attack graphs. However, previous works focus their attention on specific evaluations they concerned, and each does things in his own way. There is no explicit way telling network administrators how to measure network security in a general way. In this paper, we propose a new metric framework, whose main goal is to guide people to perform evaluations based on attack graphs. The main components of proposed metric framework include security index, target of evaluation, elementary attribute, composition algorithm, and arithmetic operators. Relative definitions and analysis of these five components are also given. The following examples show the applications of our metric framework, and validate it.
Keywords :
security of data; software metrics; arithmetic operators; attack graphs; composition algorithm; elementary attribute; network security metric; security index; target of evaluation; Communication system security; Computer networks; Computer science; Computer security; Data security; Educational technology; Information security; Laboratories; National security; Power system security; attack graphs; metric framework; network security;
Conference_Titel :
Multimedia Information Networking and Security, 2009. MINES '09. International Conference on
Conference_Location :
Hubei
Print_ISBN :
978-0-7695-3843-3
Electronic_ISBN :
978-1-4244-5068-8
DOI :
10.1109/MINES.2009.136
