Measuring Network Security Using Bayesian Network-Based Attack Graphs. Frigault, M. & Wang, L. 2008 32nd Annual IEEE International Computer Software and Applications Conference, Ieee, 2008.
Measuring Network Security Using Bayesian Network-Based Attack Graphs [link]Paper  doi  abstract   bibtex   
Given the increasing dependence of our societies on information systems, the overall security of these systems should be measured and improved. Existing work generally focuses on measuring individual vulnerabilities instead of measuring their combined effects. Recent research has explored the application of attack graphs and probabilistic security metrics to address this challenge. However, such work usually assumes metrics of individual vulnerabilities to be independently distributed and combines them in an arbitrary manner. They cannot address more realistic cases, such as exploiting one vulnerability makes another vulnerability easier to exploit. In this paper, we propose to model probability metrics based on attack graphs as a special Bayesian Network. This approach provides a sound theoretical foundation to such metrics. It can also provide the capabilities of using conditional probabilities to address the general cases of interdependency between vulnerabilities.
@article{Frigault2008,
abstract = {Given the increasing dependence of our societies on information systems, the overall security of these systems should be measured and improved. Existing work generally focuses on measuring individual vulnerabilities instead of measuring their combined effects. Recent research has explored the application of attack graphs and probabilistic security metrics to address this challenge. However, such work usually assumes metrics of individual vulnerabilities to be independently distributed and combines them in an arbitrary manner. They cannot address more realistic cases, such as exploiting one vulnerability makes another vulnerability easier to exploit. In this paper, we propose to model probability metrics based on attack graphs as a special Bayesian Network. This approach provides a sound theoretical foundation to such metrics. It can also provide the capabilities of using conditional probabilities to address the general cases of interdependency between vulnerabilities.},
author = {Frigault, Marcel and Wang, Lingyu},
doi = {10.1109/COMPSAC.2008.88},
isbn = {978-0-7695-3262-2},
issn = {0730-3157},
journal = {2008 32nd Annual IEEE International Computer Software and Applications Conference},
keywords = {Bayesian Network-based Security Analysis},
pages = {698--703},
publisher = {Ieee},
shorttitle = {Computer Software and Applications, 2008. COMPSAC },
title = {{Measuring Network Security Using Bayesian Network-Based Attack Graphs}},
url = {http://ieeexplore.ieee.org/lpdocs/epic03/wrapper.htm?arnumber=4591650},
year = {2008}
}
Downloads: 0