Applying Attack Graphs to Network Security Metric
Since attack graphs provide practical attack context and relationships among vulnerabilities, researchers have been trying to evaluate network security based on attack graphs. However, previous works focus their attention on specific evaluations they concerned, and each does things in his own way. There is no explicit way telling network administrators how to measure network security in a general way. In this paper, we propose a new metric framework, whose main goal is to guide people to perform evaluations based on attack graphs. The main components of proposed metric framework include Security Index, Target of Evaluation, Elementary Attribute, Composition Algorithm, and Arithmetic operators. Relative definitions and analysis of these five components are also given. The following examples show the applications of our metric framework, and validate it.
network security attack graphs metric framework
Anming Xie Weiping Wen Li Zhang Jianbin Hu Zhong Chen
Institute of Software, School of Electronics Engineering and Computer Science, Peking University, Be School of Software and Microelectronics, Peking University, Beijing, China
国际会议
武汉
英文
427-431
2009-11-18(万方平台首次上网日期,不代表论文的发表时间)