An Approach for Security Assessment of Network Configurations using Attack Graph

With increasing network security threats, the network vulnerability must consider exploits in the context of multi-stage, multi-host attack scenarios. The general approach to this problem is to construct an attack graph for a given network configuration. An attack graph consists of a number of attack paths which are essentially series of exploits which an attacker employs to reach the destination. Each attack path depicts an attack scenario. As the number of attack scenarios increases, the overall security of the network reduces. Thus there is need for quantification of security level of a given network. In this paper, two security metrics, namely probabilistic security metric and attack resistance metric, have been employed to evaluate the relative security levels of various network configurations. A case study has been presented to demonstrate the applicability of the proposed approach.