Measuring Security Risk of Networks Using Attack Graphs

##plugins.themes.academic_pro.article.sidebar##

Published Jul 1, 2010
https://doi.org/10.47164/ijngc.v1i1.8
Download
PDF
Statistic

Downloads

Download data is not yet available.

Metrics

Metrics Loading ...
Volume 1, Issue 1, Inaugural Issue 2010

##plugins.themes.academic_pro.article.main##

Steven Noel
Center for Secure Information Systems, George Mason University, Fairfax, Virginia, USA
Lingyu Wang
Concordia University, Montreal, Quebec, Canada
Anoop Singhal
National Institute of Standards and Technology, Gaithersburg, Maryland, USA
Sushil Jajodia
Center for Secure Information Systems, George Mason University, Fairfax, Virginia, USA

Abstract

Today's computer systems face sophisticated attackers who combine multiple vulnerabilities to penetrate networks with devastating impact. The overall security of a network cannot be determined by simply counting the number of vulnerabilities. To accurately assess the security of networked systems, one must understand how vulnerabilities can be combined to stage an attack. We model such composition of vulnerabilities through attack graphs. By simulating incremental network penetration, and propagating attack likelihoods, we measure the overall security of a networked system. From this, we score risk mitigation options in terms of maximizing security and minimizing cost. We populate our attack graph models from live network scans and databases that have knowledge about properties such as vulnerability likelihood, impact, severity, and ease of exploitation. Our exible model can be used to quantify overall security of networked systems, and to study cost/benefit tradeoffs for analyzing return on security investment.

##plugins.themes.academic_pro.article.details##

How to Cite
Steven Noel, Lingyu Wang, Anoop Singhal, & Sushil Jajodia. (2010). Measuring Security Risk of Networks Using Attack Graphs. International Journal of Next-Generation Computing, 1(1), 113–123. https://doi.org/10.47164/ijngc.v1i1.8
Crossref
Scopus
Google Scholar
Europe PMC

References

  1. CVSS Common Vulnerability Scoring System (CVSS)," Forum of Incident Response and Security Teams (FIRST), http : ==www:f irst:org=cvss=.
  2. Jajodia, S., and Noel, S. Topological vulnerability analysis," In Cyber Situational Awareness: Issues and Research, Sushil Jajodia, Peng Liu, Vipin Swarup, Cli Wang, eds., Springer, 2009, pages 139-154.
  3. Jaquith, A. 2007 Security Metrics: Replacing Fear, Uncertainty, and Doubt, Addison Wesley, 2007.
  4. Noel, S., and Jajodia, S., Managing Attack Graph Complexity through Visual Hierarchical Aggregation," In Proceedings of the ACM CCS Workshop on Visualization and Data Mining for Computer Security, 2004.
  5. Pamula,J. , Jajodia, S., Ammann, P., and Swarup, V. 2006 AWeakest-Adversary Security Metric for Network Con guration Security Analysis," In Proceedings of the 2nd ACM Workshop on Quality of Protection, ACM Press, 2006. SSE-CMM The Systems Security Engineering Capability Maturity Model," available at http : ==www:sse