Published: July 16, 2008
Author(s)
Lingyu Wang, Anoop Singhal
Conference
Name: 22nd Annual IFIP WG 11.3 Working Conference on Data and Applications Security
Dates: July 13-16, 2008
Location: London, United Kingdom
Citation: Data and Applications Security XXII, Lecture Notes in Computer Science vol. 5094, pp. 283-296
Announcement
In today's networked environments, protecting critical resources usually requires us to understand and measure the likelihood of multi-step attacks that combine different vulnerabilities for reaching the attack goal. Such a measurement is now feasible due to a qualitative model of causal relationships between vulnerabilities, nammely, attack graph. This paper proposes an attack graph-based probabilistic metric for measuring network security and studies its efficient computation. We first define the basic metric and provide an intuitive and meaningful interpretation to the metric. We then study the definition in more complex attack graphs with cycles and extend the definition accordingly. We show that computing the metric by definition is not efficient in many cases and propose heuristics to improve the efficiency of such computation.
In today's networked environments, protecting critical resources usually requires us to understand and measure the likelihood of multi-step attacks that combine different vulnerabilities for reaching the attack goal. Such a measurement is now feasible due to a qualitative model of causal...
See full abstract
In today's networked environments, protecting critical resources usually requires us to understand and measure the likelihood of multi-step attacks that combine different vulnerabilities for reaching the attack goal. Such a measurement is now feasible due to a qualitative model of causal relationships between vulnerabilities, nammely, attack graph. This paper proposes an attack graph-based probabilistic metric for measuring network security and studies its efficient computation. We first define the basic metric and provide an intuitive and meaningful interpretation to the metric. We then study the definition in more complex attack graphs with cycles and extend the definition accordingly. We show that computing the metric by definition is not efficient in many cases and propose heuristics to improve the efficiency of such computation.
Hide full abstract
Keywords
graphs; network security; security metrics; vulnerability assessment
Control Families
None selected
) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)
