Network Security Risk Assessment Based on Attack Graph
نویسندگان
چکیده
In order to protect the network and evaluate the network security risks automatically, a new multi-agents risk assessment model based on attack graph (MRAMBAG) is presented. First, a network risk assessment model with master-slave agents is established, especially the functional architecture of master-slave agents and the risk association relation analysis process are designed. Then, the attack path and the attack graph are constructed by using the Attract Graph Building algorithm with the input of the dynamic data information collected by components. Finally, risk indexes of attack path, components, hosts, vulnerabilities and association risk index of network nodes are calculated successively and consequently the security risk quantitative index of target networks are obtained. The experimental results demonstrate that the MRAMBAG is a more feasible and effective way for evaluate the network security risk.
منابع مشابه
Network Security Risk Assessment Based on Item Response Theory
Owing to the traditional risk assessment method has onesidedness and is difficult to reflect the real network situation, a risk assessment method based on Item Response Theory (IRT) is put forward in network security. First of all, the novel algorithms of calculating the threat of attack and the successful probability of attack are proposed by the combination of IRT model and Service Security L...
متن کاملReal-Time intrusion detection alert correlation and attack scenario extraction based on the prerequisite consequence approach
Alert correlation systems attempt to discover the relations among alerts produced by one or more intrusion detection systems to determine the attack scenarios and their main motivations. In this paper a new IDS alert correlation method is proposed that can be used to detect attack scenarios in real-time. The proposed method is based on a causal approach due to the strength of causal methods in ...
متن کاملBayesian Attack Graphs for Security Risk Assessment
Attack graphs offer a powerful framework for security risk assessment. They provide a compact representation of the attack paths that an attacker can follow to compromise network resources from the analysis of the network topology and vulnerabilities. The uncertainty about the attacker’s behaviour makes Bayesian networks suitable to model attack graphs to perform static and dynamic security ris...
متن کاملAttack Graph-based Risk Assessment and Optimisation Approach
Attack graphs are models that offer significant capabilities to analyse security in network systems. An attack graph allows the representation of vulnerabilities, exploits and conditions for each attack in a single unifying model. This paper proposes a methodology to explore the graph using a genetic algorithm (GA). Each attack path is considered as an independent attack scenario from the sourc...
متن کاملA Security Assessment Mechanism for Software-Defined Networking-Based Mobile Networks
Software-Defined Networking-based Mobile Networks (SDN-MNs) are considered the future of 5G mobile network architecture. With the evolving cyber-attack threat, security assessments need to be performed in the network management. Due to the distinctive features of SDN-MNs, such as their dynamic nature and complexity, traditional network security assessment methodologies cannot be applied directl...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- JCP
دوره 8 شماره
صفحات -
تاریخ انتشار 2013