Decision centric identification and rank ordering of security metrics

Moazzam Khan, Mohammad-Ali Omer, J. Copeland
{"title":"Decision centric identification and rank ordering of security metrics","authors":"Moazzam Khan, Mohammad-Ali Omer, J. Copeland","doi":"10.1109/LCN.2012.6423610","DOIUrl":null,"url":null,"abstract":"A network has several attributes which play a role in determining the security of the network and its robustness to external threats. These attributes are related to security through a complex nonlinear function which is generally unknown to the network management personnel. Since the network security is an explicit function of these attributes, the managers do not realize when the value of a certain attribute has become critical to the point of threatening network security. In this paper we take a theoretically rigorous approach to quantifying the effect each of the individual attributes has on the network. By using ideas from probability and decision theory, we can order the significant factors determining network security. This is similar to dimensionality reduction which is commonly employed for model based identification methods. Based on our analysis we can come up with critical coefficients which must be maintained by the administrator if the network is to remain secure to external threats. We show how the mathematical framework leads to the prediction of network's security health, and how real world data can be used to substantiate these claims. 
Paper concludes by validating our results on a list of compromised machine and determining if our identified metrics played the significant role in the infection.","PeriodicalId":209071,"journal":{"name":"37th Annual IEEE Conference on Local Computer Networks","volume":"65 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2012-10-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"37th Annual IEEE Conference on Local Computer Networks","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/LCN.2012.6423610","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 3

Abstract

A network has several attributes which play a role in determining the security of the network and its robustness to external threats. These attributes are related to security through a complex nonlinear function which is generally unknown to the network management personnel. Since the network security is an explicit function of these attributes, the managers do not realize when the value of a certain attribute has become critical to the point of threatening network security. In this paper we take a theoretically rigorous approach to quantifying the effect each of the individual attributes has on the network. By using ideas from probability and decision theory, we can order the significant factors determining network security. This is similar to dimensionality reduction, which is commonly employed for model-based identification methods. Based on our analysis we can come up with critical coefficients which must be maintained by the administrator if the network is to remain secure against external threats. We show how the mathematical framework leads to the prediction of the network's security health, and how real-world data can be used to substantiate these claims. The paper concludes by validating our results on a list of compromised machines and determining if our identified metrics played a significant role in the infection.