Models and tools for quantitative assessment of operational security
Information systems security
A graph-based system for network-vulnerability analysis
Proceedings of the 1998 workshop on New security paradigms
Experimenting with Quantitative Evaluation Tools for Monitoring Operational Security
IEEE Transactions on Software Engineering
Scalable, graph-based network vulnerability analysis
Proceedings of the 9th ACM conference on Computer and communications security
Two Formal Analys s of Attack Graphs
CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
Automated Generation and Analysis of Attack Graphs
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Using Model Checking to Analyze Network Vulnerabilities
SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
Efficient Minimum-Cost Network Hardening Via Exploit Dependency Graphs
ACSAC '03 Proceedings of the 19th Annual Computer Security Applications Conference
A Host-Based Approach to Network Attack Chaining Analysis
ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference
Rule-based topological vulnerability analysis
MMM-ACNS'05 Proceedings of the Third international conference on Mathematical Methods, Models, and Architectures for Computer Network Security
Toward measuring network security using attack graphs
Proceedings of the 2007 ACM workshop on Quality of protection
An Attack Graph-Based Probabilistic Security Metric
Proceeedings of the 22nd annual IFIP WG 11.3 working conference on Data and Applications Security
Measuring network security using dynamic bayesian network
Proceedings of the 4th ACM workshop on Quality of protection
Optimal IDS Sensor Placement and Alert Prioritization Using Attack Graphs
Journal of Network and Systems Management
Techniques for enterprise network security metrics
Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies
Maximizing network security given a limited budget
The Fifth Richard Tapia Celebration of Diversity in Computing Conference: Intellect, Initiatives, Insight, and Innovations
Quantified security is a weak hypothesis: a critical survey of results and assumptions
NSPW '09 Proceedings of the 2009 workshop on New security paradigms workshop
Measuring the overall security of network configurations using attack graphs
Proceedings of the 21st annual IFIP WG 11.3 working conference on Data and applications security
Formal approach to security metrics.: what does "more secure" mean for you?
Proceedings of the Fourth European Conference on Software Architecture: Companion Volume
k-zero day safety: measuring the security risk of networks against unknown attacks
ESORICS'10 Proceedings of the 15th European conference on Research in computer security
Using strategy objectives for network security analysis
Inscrypt'09 Proceedings of the 5th international conference on Information security and cryptology
Objective Risk Evaluation for Automated Security Management
Journal of Network and Systems Management
Formal analysis of security metrics and risk
WISTP'11 Proceedings of the 5th IFIP WG 11.2 international conference on Information security theory and practice: security and privacy of mobile devices in wireless communication
An ACO based approach for detection of an optimal attack path in a dynamic environment
ICDCN'10 Proceedings of the 11th international conference on Distributed computing and networking
A planner-based approach to generate and analyze minimal attack graph
Applied Intelligence
A move in the security measurement stalemate: elo-style ratings to quantify vulnerability
Proceedings of the 2012 workshop on New security paradigms
A model for quantitative security measurement and prioritisation of vulnerability mitigation
International Journal of Security and Networks
Aggregating vulnerability metrics in enterprise networks using attack graphs
Journal of Computer Security
| Hi-index | 0.00 |
A security metric measures or assesses the extent to which a system meets its security objectives. Since meaningful quantitative security metrics are largely unavailable, the security community primarily uses qualitative metrics for security. In this paper, we present a novel quantitative metric for the security of computer networks that is based on an analysis of attack graphs. The metric measures the security strength of a network in terms of the strength of the weakest adversary who can successfully penetrate the network. We present an algorithm that computes the minimal sets of required initial attributes for the weakest adversary to possess in order to successfully compromise a network; given a specific network configuration, set of known exploits, a specific goal state, and an attacker class (represented by a set of all initial attacker attributes). We also demonstrate, by example, that diverse network configurations are not always beneficial for network security in terms of penetrability.