Masoud Khosravi-Farmad, Razieh Rezaee, A. Harati, A. G. Bafghi
2014 4th International Conference on Computer and Knowledge Engineering (ICCKE). Published 2014-12-22. DOI: 10.1109/ICCKE.2014.6993444 (https://doi.org/10.1109/ICCKE.2014.6993444). Citation count: 14 (Semantic Scholar).
Network security risk mitigation using Bayesian decision networks
Network security risk assessment and mitigation are two processes in the risk management framework which need to be done accurately to improve the overall security level of a network. In this paper, in order to increase the accuracy of vulnerability exploitation probability estimation in the risk assessment phase, in addition to inherent characteristics of vulnerabilities, their temporal characteristics are also considered. In the risk mitigation phase, Bayesian decision networks are used to model interconnections between vulnerabilities that enable the attacker to achieve a particular goal, the security countermeasures covering these vulnerabilities, their cost of implementation and resulting outcome. Using Bayesian decision networks, our approach yields scalability and integration of risk assessment and mitigation processes. A cost-benefit analysis is done to identify the minimum-cost hardening security measures in situations where the allocated budget for network security hardening is limited. The experimental results show that the proposed method effectively improves the security level of a test network in terms of determining the optimal security risk mitigation plans.