An Attack Graph-Based Probabilistic Security Metric
Proceeedings of the 22nd annual IFIP WG 11.3 working conference on Data and Applications Security
Distilling critical attack graph surface iteratively through minimum-cost SAT solving
Proceedings of the 27th Annual Computer Security Applications Conference
Accepting the inevitable: factoring the user into home computer security
Proceedings of the third ACM conference on Data and application security and privacy
Aggregating vulnerability metrics in enterprise networks using attack graphs
Journal of Computer Security
Hi-index | 0.00 |
Given the increasing dependence of our societies on information systems, the overall security of these systems should be measured and improved. Existing work generally focuses on measuring individual vulnerabilities instead of measuring their combined effects. Recent research has explored the application of attack graphs and probabilistic security metrics to address this challenge. However, such work usually assumes metrics of individual vulnerabilities to be independently distributed and combines them in an arbitrary manner. They cannot address more realistic cases, such as exploiting one vulnerability makes another vulnerability easier to exploit. In this paper, we propose to model probability metrics based on attack graphs as a special Bayesian Network. This approach provides a sound theoretical foundation to such metrics. It can also provide the capabilities of using conditional probabilities to address the general cases of interdependency between vulnerabilities.