Title :
A Novel Comprehensive Network Security Assessment Approach
Author :
Wang, Chunlu ; Wang, Yancheng ; Dong, Yingfei ; Zhang, Tianle
Author_Institution :
Beijing Univ. of Posts & Telecommun. (BUPT), Beijing, China
Abstract :
Network security assessment is critical to the survivability and reliability of distributed systems. In this paper, we propose a novel assessment approach that supports automatic vulnerability assessment utilizing Bayesian attack graphs. We also integrate several major vulnerability database into a comprehensive database and build a customized vulnerability scanner to assist attack graph generation. Different from existing solutions that manually assign probabilities to a Bayesian attack graph, we design a set of quantitative metrics to automatically analyze vulnerability and evaluate the proposed approach with real-world examples. Our results show the promising capability of the proposed approach in further improving assessment quality.
Keywords :
Bayes methods; computer network reliability; computer network security; graph theory; network theory (graphs); probability; Bayesian attack graphs; automatic attack graph generation; automatic vulnerability assessment; comprehensive network security assessment approach; correlated vulnerability database; distributed system reliability; vulnerability scanner; Bayesian methods; Complexity theory; Databases; IEEE Communications Society; Measurement; Peer to peer computing; Security;
Conference_Titel :
Communications (ICC), 2011 IEEE International Conference on
Conference_Location :
Kyoto
Print_ISBN :
978-1-61284-232-5
Electronic_ISBN :
1550-3607
DOI :
10.1109/icc.2011.5963092
