A quantitative method for evaluating network security based on attack graph

Yukun Zheng, Kun Lv*, Changzhen Hu

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

8 Citations (Scopus)

Abstract

With the rapid development of networks, network security issues have become increasingly important. Evaluating network security is a tough challenge due to the increasing number of vulnerabilities. In this paper, we propose a quantitative method for evaluating network security based on an attack graph. We quantify the importance of nodes and the maximum reachable probability of nodes, and construct a security evaluation function to calculate the security risk score. Our approach focuses on the attacker’s view and considers the most important factors that may affect network security. The parameters we use are easy to acquire in any network. Thus, the assessment score obtained through the evaluation function can comprehensively reflect the security level. According to the security risk value, security professionals can take appropriate countermeasures to harden the network. Experimental results prove that this model solves the security evaluation problem efficiently.

Original language: English
Title of host publication: Network and System Security - 11th International Conference, NSS 2017, Proceedings
Editors: Zheng Yan, Refik Molva, Wojciech Mazurczyk, Raimo Kantola
Publisher: Springer Verlag
Pages: 349-358
Number of pages: 10
ISBN (Print): 9783319647005
DOIs: https://doi.org/10.1007/978-3-319-64701-2_25
Publication status: Published - 2017
Event: 11th International Conference on Network and System Security, NSS 2017 - Helsinki, Finland
Duration: 21 Aug 2017 to 23 Aug 2017

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 10394 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: 11th International Conference on Network and System Security, NSS 2017
Country/Territory: Finland
City: Helsinki
Period: 21/08/17 to 23/08/17

Keywords

  • Attack graph
  • Network security
  • Risk judgement
  • Vulnerability

Cite this

Zheng, Y., Lv, K., & Hu, C. (2017). A quantitative method for evaluating network security based on attack graph. In Z. Yan, R. Molva, W. Mazurczyk, & R. Kantola (Eds.), Network and System Security - 11th International Conference, NSS 2017, Proceedings (pp. 349-358). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10394 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-319-64701-2_25