An Approach for Security Assessment of Network Configurations using Attack Graph

被引:23
|
作者
Ghosh, Nirnay [1 ]
Ghosh, S. K. [1 ]
机构
[1] Indian Inst Technol, Sch Informat Technol, Kharagpur 721302, W Bengal, India
来源
2009 FIRST INTERNATIONAL CONFERENCE ON NETWORKS & COMMUNICATIONS (NETCOM 2009) | 2009年
关键词
Network Security; Attack Graph; Security Metric;
D O I
10.1109/NetCoM.2009.83
中图分类号
TM [电工技术]; TN [电子技术、通信技术];
学科分类号
0808 ; 0809 ;
摘要
With increasing network security threats, the network vulnerability must consider exploits in the context of multi-stage, multi-host attack scenarios. The general approach to this problem is to construct an attack graph for a given network configuration. An attack graph consists of a number of attack paths which are essentially series of exploits which an attacker employs to reach the destination. Each attack path depicts an attack scenario. As the number of attack scenarios increases, the overall security of the network reduces. Thus there is need for quantification of security level of a given network. In this paper, two security metrics, namely probabilistic security metric and attack resistance metric, have been employed to evaluate the relative security levels of various network configurations. A case study has been presented to demonstrate the applicability of the proposed approach.
引用
收藏
页码:283 / 288
页数:6
相关论文
共 50 条
  • [1] Network Security Risk Assessment Based on Attack Graph
    Xie, Lixia
    Zhang, Xiao
    Zhang, Jiyong
    [J]. JOURNAL OF COMPUTERS, 2013, 8 (09) : 2339 - 2347
  • [2] Analytical Approach to Attack Graph Analysis for Network Security
    Kijsanayothin, Phongphun
    Hewett, Rattikorn
    [J]. FIFTH INTERNATIONAL CONFERENCE ON AVAILABILITY, RELIABILITY, AND SECURITY: ARES 2010, PROCEEDINGS, 2010, : 25 - 32
  • [3] Measuring the overall security of network configurations using attack graphs
    Wang, Lingyu
    Singhal, Anoop
    Jajodia, Sushil
    [J]. DATA AND APPLICATIONS SECURITY XXI, PROCEEDINGS, 2007, 4602 : 98 - +
  • [4] An approach to evaluate network security risk based on attack graph
    Hu, Xiaoyun
    Yu, Yang
    Xia, Chunhe
    [J]. PROCEEDINGS OF THE 2016 4TH INTERNATIONAL CONFERENCE ON ELECTRICAL & ELECTRONICS ENGINEERING AND COMPUTER SCIENCE (ICEEECS 2016), 2016, 50 : 1235 - 1238
  • [5] Network security assessment using a semantic reasoning and graph based approach
    Wu, Songyang
    Zhang, Yong
    Cao, Wei
    [J]. COMPUTERS & ELECTRICAL ENGINEERING, 2017, 64 : 96 - 109
  • [6] Optimal Network Security Hardening Using Attack Graph Games
    Durkota, Karel
    Lisy, Viliam
    Bosansky, Branislav
    Kiekintveld, Christopher
    [J]. PROCEEDINGS OF THE TWENTY-FOURTH INTERNATIONAL JOINT CONFERENCE ON ARTIFICIAL INTELLIGENCE (IJCAI), 2015, : 526 - 532
  • [7] Multiobjective network security dynamic assessment method based on Bayesian network attack graph
    Xie, Jialiang
    Zhang, Shanli
    Wang, Honghui
    Chen, Mingzhi
    [J]. INTERNATIONAL JOURNAL OF INTELLIGENT COMPUTING AND CYBERNETICS, 2024, 17 (01) : 38 - 60
  • [8] Network Security Risk Assessment System Based on Attack Graph and Markov Chain
    Sun, Fuxiong
    Pi, Juntao
    Lv, Jin
    Cao, Tian
    [J]. 2017 INTERNATIONAL CONFERENCE ON CLOUD TECHNOLOGY AND COMMUNICATION ENGINEERING (CTCE2017), 2017, 910
  • [9] Network Security Risk Assessment Method Based on HMM and Attack Graph Model
    Liu Si-chao
    Liu Yuan
    [J]. 2016 17TH IEEE/ACIS INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING, ARTIFICIAL INTELLIGENCE, NETWORKING AND PARALLEL/DISTRIBUTED COMPUTING (SNPD), 2016, : 517 - 522
  • [10] Evaluation of Network Risk Using Attack Graph Based Security Metrics
    Kumar, Santosh
    Negi, Anuradha
    Prasad, Keshav
    Mahanti, Aniket
    [J]. 2016 IEEE 14TH INTL CONF ON DEPENDABLE, AUTONOMIC AND SECURE COMPUTING, 14TH INTL CONF ON PERVASIVE INTELLIGENCE AND COMPUTING, 2ND INTL CONF ON BIG DATA INTELLIGENCE AND COMPUTING AND CYBER SCIENCE AND TECHNOLOGY CONGRESS (DASC/PICOM/DATACOM/CYBERSC, 2016, : 91 - 93
12345