Measuring Network Security Using Bayesian Network-Based Attack Graphs

10 years 4 months ago
Measuring Network Security Using Bayesian Network-Based Attack Graphs
Given the increasing dependence of our societies on information systems, the overall security of these systems should be measured and improved. Existing work generally focuses on measuring individual vulnerabilities instead of measuring their combined effects. Recent research has explored the application of attack graphs and probabilistic security metrics to address this challenge. However, such work usually assumes metrics of individual vulnerabilities to be independently distributed and combines them in an arbitrary manner. They cannot address more realistic cases, such as exploiting one vulnerability makes another vulnerability easier to exploit. In this paper, we propose to model probability metrics based on attack graphs as a special Bayesian Network. This approach provides a sound theoretical foundation to such metrics. It can also provide the capabilities of using conditional probabilities to address the general cases of interdependency between vulnerabilities.
Marcel Frigault, Lingyu Wang
Added 29 May 2010
Updated 29 May 2010
Type Conference
Year 2008
Authors Marcel Frigault, Lingyu Wang
Comments (0)