平均入侵时间和vea - ability安全指标在计算机网络安全审计中的应用

2014 8th International Conference on Telecommunication Systems Services and Applications (TSSA) Pub Date : 2014-10-01 DOI:10.1109/TSSA.2014.7065960

E. Husni, Yustika Kurniati

{"title":"平均入侵时间和vea - ability安全指标在计算机网络安全审计中的应用","authors":"E. Husni, Yustika Kurniati","doi":"10.1109/TSSA.2014.7065960","DOIUrl":null,"url":null,"abstract":"This study focuses on the application of security metrics to a computer network. Mean Time-to-Compromise (MTTC) metric and VEA-bility metric are selected for this study. MTTC is calculated using a set of equations based on the known vulnerabilities of the system. VEA-bility is selected because it uses CVSS that has a wide coverage of security aspects. The input data for both metrics are obtained from Nessus, a network security tool. Both metrics give numerical results which are simple to comprehend to average clients. The purpose of this study are to calculate MTTC and VEA-bility values of the network, to compare the security level of different network configurations, also to compare the feasibility and convenience of using both metrics. The results of the study can be used as recommendations for network security assessment and references to determine policies relating to computer network management.","PeriodicalId":169550,"journal":{"name":"2014 8th International Conference on Telecommunication Systems Services and Applications (TSSA)","volume":"30 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"Application of Mean Time-to-Compromise and VEA-bility security metrics in auditing computer network security\",\"authors\":\"E. Husni, Yustika Kurniati\",\"doi\":\"10.1109/TSSA.2014.7065960\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"This study focuses on the application of security metrics to a computer network. Mean Time-to-Compromise (MTTC) metric and VEA-bility metric are selected for this study. MTTC is calculated using a set of equations based on the known vulnerabilities of the system. VEA-bility is selected because it uses CVSS that has a wide coverage of security aspects. The input data for both metrics are obtained from Nessus, a network security tool. Both metrics give numerical results which are simple to comprehend to average clients. The purpose of this study are to calculate MTTC and VEA-bility values of the network, to compare the security level of different network configurations, also to compare the feasibility and convenience of using both metrics. The results of the study can be used as recommendations for network security assessment and references to determine policies relating to computer network management.\",\"PeriodicalId\":169550,\"journal\":{\"name\":\"2014 8th International Conference on Telecommunication Systems Services and Applications (TSSA)\",\"volume\":\"30 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2014-10-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2014 8th International Conference on Telecommunication Systems Services and Applications (TSSA)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/TSSA.2014.7065960\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2014 8th International Conference on Telecommunication Systems Services and Applications (TSSA)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/TSSA.2014.7065960","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 3

摘要

本研究的重点是安全度量在计算机网络中的应用。本研究选择平均入侵时间(MTTC)指标和vea - ability指标。MTTC是基于系统已知漏洞的一组方程来计算的。选择vea - ability是因为它使用具有广泛安全方面覆盖范围的CVSS。这两个指标的输入数据都是从网络安全工具Nessus获得的。这两个指标给出的数值结果对普通客户来说都很容易理解。本研究的目的是计算网络的MTTC和vea - ability值，比较不同网络配置的安全级别，并比较使用这两种指标的可行性和便利性。研究结果可作为网络安全评估的建议和参考，以确定有关计算机网络管理的政策。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Application of Mean Time-to-Compromise and VEA-bility security metrics in auditing computer network security

This study focuses on the application of security metrics to a computer network. Mean Time-to-Compromise (MTTC) metric and VEA-bility metric are selected for this study. MTTC is calculated using a set of equations based on the known vulnerabilities of the system. VEA-bility is selected because it uses CVSS that has a wide coverage of security aspects. The input data for both metrics are obtained from Nessus, a network security tool. Both metrics give numerical results which are simple to comprehend to average clients. The purpose of this study are to calculate MTTC and VEA-bility values of the network, to compare the security level of different network configurations, also to compare the feasibility and convenience of using both metrics. The results of the study can be used as recommendations for network security assessment and references to determine policies relating to computer network management.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2014 8th International Conference on Telecommunication Systems Services and Applications (TSSA)

自引率

0.00%

发文量