An Attack Graph Based Probabilistic Security Metric
Published
Author(s)
Lingyu Wang, Tania Islam, Tao Long, Anoop Singhal, Sushil Jajodia
Abstract
To protect critical resources in today's networked environments, it is desirable to quantify the likelihood of potential multi-step attacks that combine multiple vulnerabilities. This now becomes feasible due to a model of causal relationships between vulnerabilities, namely, the attack graph. This paper proposes an attack graph-based probabilistic metric for network security and studies its efficient computation. We first define the basic metric and provide an intuitive and meaningful interpretation of the metric. We then study the definition in more complex attack graphs with cycles and extend the definition accordingly. We show that computing the metric directly from its definition is not efficient in many cases and propose heuristics to improve the efficiency of such computation.
Proceedings Title
Data and Applications Security XXII (Lecture Notes in Computer Science)
Volume
5094
Conference Dates
July 13-16, 2008
Conference Location
London, UK
Conference Title
22nd Annual IFIP WG 11.3 Working Conference on Data and Applications Security
Wang, L., Islam, T., Long, T., Singhal, A. and Jajodia, S. (2008), An Attack Graph Based Probabilistic Security Metric, Data and Applications Security XXII (Lecture Notes in Computer Science), London, UK, [online], https://doi.org/10.1007/978-3-540-70567-3_22 (Accessed October 8, 2025)