An Attack Graph-Based Probabilistic Security Metric

13 years 5 months ago

Download users.encs.concordia.ca

To protect critical resources in today’s networked environments, it is desirable to quantify the likelihood of potential multi-step attacks that combine multiple vulnerabilities. This now becomes feasible due to a model of causal relationships between vulnerabilities, namely, attack graph. This paper proposes an attack graph-based probabilistic metric for network security and studies its efﬁcient computation. We ﬁrst deﬁne the basic metric and provide an intuitive and meaningful interpretation to the metric. We then study the deﬁnition in more complex attack graphs with cycles and extend the deﬁnition accordingly. We show that computing the metric directly from its deﬁnition is not efﬁcient in many cases and propose heuristics to improve the efﬁciency of such computation.

Lingyu Wang, Tania Islam, Tao Long, Anoop Singhal,

Real-time Traffic

Attack Graphs | Database | DBSEC 2007 | DBSEC 2008 | Graph-based Probabilistic Metric | Metric |

claim paper

» Belief in Information Flow

» Toward measuring network security using attack graphs

» Measuring Network Security Using Bayesian NetworkBased Attack Graphs

» A Combinatorial Approach to Measuring Anonymity

» Routing amid Colluding Attackers

» The bayesian traffic analysis of mix networks

» A Framework for the Analysis of MixBased Steganographic File Systems

» Reconciling Belief and Vulnerability in Information Flow

Post Info
More Details (n/a)

Added	09 Nov 2010
Updated	09 Nov 2010
Type	Conference
Year	2008
Where	DBSEC
Authors	Lingyu Wang, Tania Islam, Tao Long, Anoop Singhal, Sushil Jajodia

Comments (0)

Sciweavers

An Attack Graph-Based Probabilistic Security Metric

Attack Graphs | Database | DBSEC 2007 | DBSEC 2008 | Graph-based Probabilistic Metric | Metric |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers