CVSS-based security metrics for quantitative analysis of attack graphs

Attack graphs are efficient tools for detecting possible attacks in the network and their causes. By analyzing attack graphs and eliminating causes of attacks in the networks, we can immune networks against known intrusions. The main shortcoming of attack graphs is that they give no information about the damages of the possible attacks in the network. On the other hand by attack graphs, we can only analyze network security qualitatively. In this paper we propose a method that can measure the impact of each shown attack in the attack graph on the security parameters (Confidentiality, Availability and Integrity) of the network. In the proposed approach we have defined some security metrics by combining CVSS framework and attack graph. The main problem with the existing approaches is that, they cannot consider interrelation between vulnerabilities of the network efficiently. Our defined security metrics can address this issue and help us to assess network security quantitatively by analyzing attack graphs. By applying proposed security metrics on each network´s attack graph we can find the most perilous vulnerability in the network.