|
Evaluating Security of Computer Networks based
on Attack Graphs and Qualitative Security Metrics
I.V. Kotenko, M.V. Stepashkin, V.S. Bogdanov
Abstract:
Approach to computer network security analysis for using both at design and operation
stages is suggested. This approach is based on generating common attack graph and using qualitative
security metrics. The graph represents possible scenarios of distributed attacks taking into account
network configuration, security policy, malefactor’s location, knowledge level and strategy. The
general architecture of the security analysis system proposed, the main concepts of common attack
graph, used security metrics taxonomies, metrics calculation rules and general security level evaluation
procedure are considered. The suggested security metrics allow to evaluate computer network
security level with different detailing level and taking into account different aspects. The implemented
software prototype is described, and examples of using the prototype for express-analysis of computer
network security level are considered.
Citation:
I.V. Kotenko, M.V. Stepashkin, V.S. Bogdanov, “Evaluating Security of Computer Networks based
on Attack Graphs and Qualitative Security Metrics”, Tr. SPIIRAN, 3:2 (2006), 30–49
Linking options:
https://www.mathnet.ru/eng/trspy232 https://www.mathnet.ru/eng/trspy/v3/i2/p30
|
Statistics & downloads: |
Abstract page: | 917 | Full-text PDF : | 382 | First page: | 1 |
|