{"title":"基于漏洞依赖图的网络安全度量分析框架","authors":"P. Bhattacharya, S. K. Ghosh","doi":"10.1049/iet-ifs.2011.0103","DOIUrl":null,"url":null,"abstract":"Attack graph is a popular tool for modelling multi-staged, correlated attacks on computer networks. Attack graphs have been widely used for measuring network security risks. Majority of the works on attack graph use host-based or state-based approaches. These attack graph models are either too restrictive or too resource consuming. Also, a significant portion of these works have used ‘probability of successfully exploiting a network’ as the metric. This approach requires that the ‘probability of successfully exploiting individual vulnerabilities’ be known a priori. Finding such probabilities is inherently difficult. This present study uses exploit dependency graph, which is a space efficient and expressive attack graph model. It also associates an additive cost with executing individual exploits, and defines a security metric in terms of the ‘minimum cost required to successfully exploit the network’. The problem of calculating the said metric is proved to be NP-complete. A modified depth first branch and bound algorithm has been described for calculating it. This study also formulates, a linear-time computable, security metric in terms of the ‘expected cost required to successfully exploit the network’ assuming a random attacker model and an uncorrelated attack graph.","PeriodicalId":13305,"journal":{"name":"IET Inf. Secur.","volume":"102 1","pages":"264-270"},"PeriodicalIF":0.0000,"publicationDate":"2012-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"12","resultStr":"{\"title\":\"Analytical framework for measuring network security using exploit dependency graph\",\"authors\":\"P. Bhattacharya, S. K. Ghosh\",\"doi\":\"10.1049/iet-ifs.2011.0103\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Attack graph is a popular tool for modelling multi-staged, correlated attacks on computer networks. Attack graphs have been widely used for measuring network security risks. Majority of the works on attack graph use host-based or state-based approaches. These attack graph models are either too restrictive or too resource consuming. Also, a significant portion of these works have used ‘probability of successfully exploiting a network’ as the metric. This approach requires that the ‘probability of successfully exploiting individual vulnerabilities’ be known a priori. Finding such probabilities is inherently difficult. This present study uses exploit dependency graph, which is a space efficient and expressive attack graph model. It also associates an additive cost with executing individual exploits, and defines a security metric in terms of the ‘minimum cost required to successfully exploit the network’. The problem of calculating the said metric is proved to be NP-complete. A modified depth first branch and bound algorithm has been described for calculating it. This study also formulates, a linear-time computable, security metric in terms of the ‘expected cost required to successfully exploit the network’ assuming a random attacker model and an uncorrelated attack graph.\",\"PeriodicalId\":13305,\"journal\":{\"name\":\"IET Inf. Secur.\",\"volume\":\"102 1\",\"pages\":\"264-270\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2012-12-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"12\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"IET Inf. Secur.\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1049/iet-ifs.2011.0103\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"IET Inf. Secur.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1049/iet-ifs.2011.0103","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Analytical framework for measuring network security using exploit dependency graph
Attack graph is a popular tool for modelling multi-staged, correlated attacks on computer networks. Attack graphs have been widely used for measuring network security risks. Majority of the works on attack graph use host-based or state-based approaches. These attack graph models are either too restrictive or too resource consuming. Also, a significant portion of these works have used ‘probability of successfully exploiting a network’ as the metric. This approach requires that the ‘probability of successfully exploiting individual vulnerabilities’ be known a priori. Finding such probabilities is inherently difficult. This present study uses exploit dependency graph, which is a space efficient and expressive attack graph model. It also associates an additive cost with executing individual exploits, and defines a security metric in terms of the ‘minimum cost required to successfully exploit the network’. The problem of calculating the said metric is proved to be NP-complete. A modified depth first branch and bound algorithm has been described for calculating it. This study also formulates, a linear-time computable, security metric in terms of the ‘expected cost required to successfully exploit the network’ assuming a random attacker model and an uncorrelated attack graph.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
