Take a sneak peek at the new NIST.gov and let us know what you think!
(Please note: some content may not be complete on the beta site.).
NIST Authors in Bold
|Author(s):||Lingyu Wang; Tania Islam; Tao Long; Anoop Singhal; Sushil Jajodia;|
|Title:||An Attack Graph Based Probabilistic Security Metric|
|Published:||July 16, 2008|
|Abstract:||To protect critical resources in today's networked environments, it is desirable to quantify the likelihood of potential multi-step attacks that combine multiple vulnerabilities. This now becomes feasible due to a model of causal relationships between vulnerabilities, namely, attack graph. This paper proposes an attack graph-based probabilistic metric for network security and studies its efficient computation. We first define the basic metric and provide an intuitive and meaningful interpretation to the metric. We then study the definition in more complex attack graphs with cycles and extend the definition accordingly. We show that computing the metric directly from its definition is not efficient in many cases and propose heuristics to improve the efficiency of such computation.|
|Conference:||22nd Annual IFIP WG 11.3 Working Conference on Data and Applications Security|
|Proceedings:||Data and Applications Security XXII (Lecture Notes in Computer Science)|
|Pages:||pp. 283 - 296|
|Dates:||July 13-16, 2008|
|Keywords:||graphs, network security, security metrics, vulnerability assessment|
|DOI:||http://dx.doi.org/10.1007/978-3-540-70567-3_22 (Note: May link to a non-U.S. Government webpage)|