Applying Attack Graphs to Network Security Metric

Author

Xie, Anming ; Wen, Weiping ; Zhang, Li ; Hu, Jianbin ; Chen, Zhong

Author_Institution

Sch. of Electron. Eng. & Comput. Sci., Peking Univ., Beijing, China

Volume

1

fYear

2009

fDate

18-20 Nov. 2009

Firstpage

427

Lastpage

431

Abstract

Since attack graphs provide practical attack context and relationships among vulnerabilities, researchers have been trying to evaluate network security based on attack graphs. However, previous works focus their attention on specific evaluations they concerned, and each does things in his own way. There is no explicit way telling network administrators how to measure network security in a general way. In this paper, we propose a new metric framework, whose main goal is to guide people to perform evaluations based on attack graphs. The main components of proposed metric framework include security index, target of evaluation, elementary attribute, composition algorithm, and arithmetic operators. Relative definitions and analysis of these five components are also given. The following examples show the applications of our metric framework, and validate it.

Keywords

security of data; software metrics; arithmetic operators; attack graphs; composition algorithm; elementary attribute; network security metric; security index; target of evaluation; Communication system security; Computer networks; Computer science; Computer security; Data security; Educational technology; Information security; Laboratories; National security; Power system security; attack graphs; metric framework; network security;

fLanguage

English

Publisher

ieee

Conference_Titel

Multimedia Information Networking and Security, 2009. MINES '09. International Conference on

Conference_Location

Hubei

Print_ISBN

978-0-7695-3843-3

Electronic_ISBN

978-1-4244-5068-8

Type

conf

DOI

10.1109/MINES.2009.136

Filename

5371024