A Quantitative Method for Evaluating Network Security Based on Attack Graph

Zheng, Yukun; Lv, Kun; Hu, Changzhen

doi:10.1007/978-3-319-64701-2_25

Cited by 6 publications

(3 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In [27], [28], PageRank [29] was utilized to evaluate the importance of nodes or states in an attack graph, which will improve the readability of the attack graph. In [5], the maximum reachable possibility of nodes based on the graph-based inference algorithm [30] were evaluated. The above studies conducted detailed analyses based on attack graphs.…”

Section: B the Attack Graph-based Methodsmentioning

confidence: 99%

“…The attack graph-based method represents attack scenarios by showing possible attack paths from the attackers to the target. Many researchers have assessed network risks and modeled network threats based on attack graphs [5], [6]. The analysis of an attack graph will facilitate identifying critical exploitations of vulnerabilities, assets, and vulnerable configurations.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

A Vulnerability Risk Assessment Method Based on Heterogeneous Information Network

et al. 2020

View full text Add to dashboard Cite

Due to the increasing number of network security vulnerabilities, vulnerability risk assessment must be performed to prioritize the repair of high-risk vulnerabilities. Traditional vulnerability risk assessment is based primarily on the Common Vulnerability Scoring Systems (CVSS) and attack graphs. Nevertheless, the CVSS metrics ignore the impact of the vulnerability on the specific network, which accounts that the identical vulnerability exists in different network environments is assigned repeated values. Additionally, the attack graphs still suffer from scalability and readability issues. To solve the above problems, a ranking method based on the heterogeneous information network is innovatively proposed to assess the vulnerability risk in a specific network. It considers the exploitability of a vulnerability, the impact of a vulnerability on the network components, and the importance of the vulnerable components. First, a heterogeneous information network containing vulnerability and host and the relationships between host and host is constructed to compute the risk score for each vulnerability and implement the ranking process. Second, a model extension method is proposed to adapt to situations in which additional factors related to vulnerability risk assessment need to be considered. Finally, we explore two case studies to compare the proposed method with CVSS and attack graph-based methods. The simulation results show that the proposed method can accurately assess the risk of vulnerabilities in a specific network environment and that it has a lower computational complexity than other methods. INDEX TERMS Common vulnerability scoring systems (CVSS), vulnerability, risk assessment, information fusion, heterogeneous information network.

show abstract

Section: B the Attack Graph-based Methodsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

A Vulnerability Risk Assessment Method Based on Heterogeneous Information Network

et al. 2020

View full text Add to dashboard Cite

show abstract

“…Reference 26 proposed to adjust the threat level according to the attacker's attack intention. Research, 27 on the other hand, presented a quantitative assessment method of network security from the importance of a node and its maximum reachability, and calculated the security risk value of the system by constructing a security assessment algorithm. Niakanlahiji et al 28 reported an approach that can predict IP addresses that are likely to be used in malicious activities.…”

Section: Active Defensementioning

confidence: 99%

An active defense model based on situational awareness and firewalls

Xiao

et al. 2023

Concurrency and Computation

View full text Add to dashboard Cite

With the rapid development of the internet, cyberspace security issues have become increasingly prominent. The importance of constructing a cyberspace security system is self-evident, but compared with attackers, defenders in cyberspace are in a castle-like passive defense state in most cases. Therefore, building a reliable, accurate, timely, and active defense system is challenging. The key is to accurately focus on defense priorities, the anticipation of attackers who will likely succeed, and blocking attacks in a timely manner. In this article, we propose an active defense model based on the interaction of situational awareness and firewalls. First, by biasing the integrity, confidentiality, and availability of assets to get the score of assets, and using the Common Vulnerability Scoring System to assess the threat level of assets, we combine the two to determine the maximum system damage that the asset will suffer if it is lost, and then focus on defense. Meanwhile, log analysis of the network situational awareness platform can predict successful attackers, and then the linked firewall strategy can block these attacks in time before the attackers obtain attack gains. After that, we force the attackers to give up their attacks on the target by increasing the attack cost.We compared our model with iptables auto-blocking and nginx auto-blocking, and our model excelled them across the board in terms of comprehensiveness and false positive rate. The experimental results verify thar our active defense model proposed in this article can better reduce the defense cost and increase the attack cost, thus achieving the relatively defense goal. K E Y W O R D Sactive defense, cyber attack and defense, defense cost, game theory INTRODUCTIONWith the development of information technology, cyberspace has become the fifth space after "land, sea, air, and sky", and the security of cyberspace is directly related to the sovereign security of the country. Cyber attack and defense have become hot spots in current cybersecurity research. The objectives of cyber attackers include collecting information about a target, paralyzing the target service, entering the target and stealing data, while the objectives of cyber defenders are to keep the service running normally and stop attackers. Scanning of the target system is something that a cyber attacker must do before launching cyber attacks, which helps the attacker gain access to exploitable vulnerabilities in the target system to compromise the network. The purpose of such a scan is to understand the configurations of target systems, including but not limited to the target system's operating system, IP address, running services, software versions, existing common vulnerabilities & exposures(CVEs), weak passwords, and so on. How to prevent attackers from obtaining the scan results or prevent the attacker from using the scan results for other benefits is the goal

show abstract

A Network Security Situational Awareness Framework Based on Situation Fusion

Zhuang

2021

Security, Privacy, and Anonymity in Computation, Communication, and Storage

View full text Add to dashboard Cite

A Quantitative Method for Evaluating Network Security Based on Attack Graph

Cited by 6 publications

References 12 publications

A Vulnerability Risk Assessment Method Based on Heterogeneous Information Network

A Vulnerability Risk Assessment Method Based on Heterogeneous Information Network

An active defense model based on situational awareness and firewalls

A Network Security Situational Awareness Framework Based on Situation Fusion

Contact Info

Product

Resources

About