Noel, S.
, Wang, L.
, Singhal, A.
and Jajodia, S.
(2010),
Measuring Security Risk of Networks Using Attack Graphs, International Journal of Next Generation Computing
(Accessed April 22, 2025)
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Measuring Security Risk of Networks Using Attack Graphs
Published
Author(s)
Steven Noel, Lingyu Wang, , Sushil Jajodia
Abstract
Today's computer systems face sophisticated attackers who combine multiple vulnerabilities to penetrate networks with devastating impact. The overall security of a network cannot be determined by simply counting the number of vulnerabilities. To accurately assess the security of networked systems, one must understand how vulnerabilities can be combined to stage an attack. We model such composition of vulnerabilities through attack graphs. By simulating incremental network penetration, and propagating attack likelihoods, we measure the overall security of a networked system. From this, we score risk mitigation options in terms of maximizing security and minimizing cost. We populate our attack graph models from live network scans and databases that have knowledge about properties such as vulnerability likelihood, impact, severity, and ease of exploitation. Our flexible model can be used to quantify overall security of networked systems, and to study cost/benefit tradeoffs for analyzing return on security investment.Citation
International Journal of Next Generation Computing
Volume
1
Issue
1
Pub Type
Journals
Keywords
attack graphs, network security, security metrics
Citation
Issues
If you have any questions about this publication or are having problems accessing it, please contact reflib@nist.gov.
Created July 13, 2010, Updated October 12, 2021