Measuring network security using dynamic bayesian network
- 27 October 2008
- conference paper
- conference paper
- Published by Association for Computing Machinery (ACM)
Abstract
Given the increasing dependence of our societies on networked information systems, the overall security of these systems should be measured and improved. Existing security metrics have generally focused on measuring individual vulnerabilities without considering their combined effects. Our previous work tackle this issue by exploring the causal relationships between vulnerabilities encoded in an attack graph. However, the evolving nature of vulnerabilities and networks has largely been ignored. In this paper, we propose a Dynamic Bayesian Networks (DBNs)-based model to incorporate temporal factors, such as the availability of exploit codes or patches. Starting from the model, we study two concrete cases to demonstrate the potential applications. This novel model provides a theoretical foundation and a practical framework for continuously measuring network security in a dynamic environment.Keywords
This publication has 16 references indexed in Scilit:
- An Attack Graph-Based Probabilistic Security MetricLecture Notes in Computer Science, 2008
- Toward measuring network security using attack graphsPublished by Association for Computing Machinery (ACM) ,2007
- Measuring the Overall Security of Network Configurations Using Attack GraphsLecture Notes in Computer Science, 2007
- Minimum-cost network hardening using attack graphsComputer Communications, 2006
- Quality of protectionPublished by Association for Computing Machinery (ACM) ,2006
- Privacy intrusion detection using dynamic Bayesian networksPublished by Association for Computing Machinery (ACM) ,2006
- Interactive Analysis of Attack Graphs Using Relational QueriesLecture Notes in Computer Science, 2006
- Network vulnerability assessment using Bayesian networksPublished by SPIE-Intl Soc Optical Eng ,2005
- Efficient monitoring of safety propertiesInternational Journal on Software Tools for Technology Transfer, 2003
- Authentication metric analysis and designACM Transactions on Information and System Security, 1999