Evaluating Security of Computer Networks based on Attack Graphs and Qualitative Security Metrics
Abstract
Approach to computer network security analysis for using both at design and operation stages is suggested. This approach is based on generating common attack graph and using qualitative security metrics. The graph represents possible scenarios of distributed attacks taking into account network configuration, security policy, malefactor’s location, knowledge level and strategy. The general architecture of the security analysis system proposed, the main concepts of common attack graph, used security metrics taxonomies, metrics calculation rules and general security level evaluation procedure are considered. The suggested security metrics allow to evaluate computer network security level with different detailing level and taking into account different aspects. The implemented software prototype is described, and examples of using the prototype for express-analysis of computer network security level are considered.References
Published
2006-04-01
How to Cite
Kotenko, Stepashkin, & Bogdanov,. (2006). Evaluating Security of Computer Networks based on Attack Graphs and Qualitative Security Metrics. SPIIRAS Proceedings, 2(3), 30-49. https://doi.org/10.15622/sp.3.2
Section
Articles
Authors who publish with this journal agree to the following terms:
Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).
