Network Security Risk Assessment Based on Attack Graph

@article{Xie2013NetworkSR,
  title={Network Security Risk Assessment Based on Attack Graph},
  author={Lixia Xie and Xiao Zhang and Jiyong Zhang},
  journal={J. Comput.},
  year={2013},
  volume={8},
  pages={2339-2347}
}
In order to protect the network and evaluate the network security risks automatically, a new multi-agents risk assessment model based on attack graph (MRAMBAG) is presented. First, a network risk assessment model with master-slave agents is established, especially the functional architecture of master-slave agents and the risk association relation analysis process are designed. Then, the attack path and the attack graph are constructed by using the Attract Graph Building algorithm with the… 

Figures and Tables from this paper

A Network Vulnerability Assessment Method Based on Attack Graph

TLDR
The experimental results show that the proposed network vulnerability assessment method can effectively assess network vulnerability and provide important decisions for network security defense.

A Security Model Based Approach for Dynamic Risk Assessment of Multi-Step Attacks in Computer Networks

  • Computer Science
  • 2021
TLDR
A security system is proposed that performs dynamic risk evaluation of multi-step attacks by considering vulnerabilities' temporal features and the continuity of the probability assessment function of the proposed method in comparison to the discrete one in CVSS, improves the score diversity.

Generation Method of Network Attack Graph Based On Greedy Heuristic Algorithm

TLDR
Experimental results show that the network attack graph generation method based on greedy heuristic algorithm can do well in network attack graphs generation, and it has a lower time complexity and good scalability.

Evaluation of computer network security using attack undirected geography

TLDR
Network security model based on attack undirected geography (AUG) is familiarized and analysis based upon association rules is presented then the attack threshold value is set from AUG in order to quantify the security threat.

An attack graph generation method based on heuristic searching strategy

TLDR
An approach to generate global attack graph based on heuristic searching strategy and the experimental results show that the proposed method can improve the efficiency of attack graph generation.

A Defense Model of Reactive Worms Based on Dynamic Time

TLDR
This paper proposes a defense model of reactiveworms based on dynamic time with full consideration of various dynamic factors that restrict the propagation of reactive worms in real networks, and deduces the crucial periods of time within a particular 24-hour day for defending against reactive worms' attack.

An Efficient and Flexible Dynamic Remote Attestation Method

  • Hongjiao LiShan Wang
  • Computer Science, Mathematics
    2014 Ninth International Conference on Broadband and Wireless Computing, Communication and Applications
  • 2014
TLDR
This paper presents a new paradigm that leverages software attack graph for dynamic remote attestation and proposes a flexible and complete execution status information collection method at operating system level.

A Large-scale Trojans Control Model Based on Layered and P2P Structure

TLDR
The experiment results have shown that the large-scale Trojan control model is effective and powerful and the load balancing of severs have been realized by peer-to-peer network which could control large scale Trojan within an acceptable range of system resources consumption.

A website security risk assessment method based on the I-BAG model

TLDR
The experimental results demonstrate that the risk evaluating method based on I-BAG model proposed is a effective way for assessing the website security risk.

References

SHOWING 1-10 OF 13 REFERENCES

A graph-based system for network-vulnerability analysis

TLDR
A graph-based tool can identify the set of attack paths that have a high probability of success (or a low effort cost) for the attacker, and is used to test the effectiveness of making configuration changes, implementing an intrusion detection system, etc.

Research on Network Node Correlation in Network Risk Assessment

TLDR
A conception of network node correlation (NNC) is introduced, a NNC taxonomy is proposed, and an example is given to illustrate the application and effect of NNC in network risk assessment.

A host-based approach to network attack chaining analysis

TLDR
This paper provides a novel alternative approach to network vulnerability analysis by utilizing a penetration tester's perspective of maximal level of penetration possible on a host, and argues that suboptimal solutions are an unavoidable cost of scalability, and hence practical utility.

Evaluating the Network and Information System Security Based on SVM Model

TLDR
A security evaluation system is established and the evaluation mechanism based on SVM algorithm and model is described, showing that the results given by this model are reliable, and this method to evaluate the network and information system security is feasible.

Automated generation and analysis of attack graphs

TLDR
This paper presents an automated technique for generating and analyzing attack graphs, based on symbolic model checking algorithms, letting us construct attack graphs automatically and efficiently.

Model-Based Vulnerability Analysis of Computer Systems

TLDR
A new model-based approach where the security-related behavior of each system component is modeled in a high-level speci cation language such as CSP or CCS has the potential to automatically seek out and identify known and as-yet-unknown vulnerabilities.

Evaluation of Network Connection Credibility based on Neural Network

TLDR
It is shown that the nonlinear relationship between the attributes and the credibility of network connections can be established by training neural-network using LM algorithm and corresponding security strategies are adopted on the basis of the evaluation values.

Two formal analyses of attack graphs

TLDR
This paper presents an algorithm for generating attack graphs using model checking as a subroutine, and provides a formal characterization of this problem, proving that it is polynomially equivalent to the minimum hitting set problem and presenting a greedy algorithm with provable bounds.

Scenario graphs and attack graphs

TLDR
This work develops formal techniques that give users flexibility in examining design errors discovered by automated analysis, and defines and analyze attack graphs, an application of scenario graphs to represent ways in which intruders attack computer networks.

Optimizing Large Query by Simulated Annealing Algorithm Based On Graph-Based Approach

TLDR
In order to avoid the deficiency resulted by the neighbors of state, and make the query optimization support complex non-inner join, the improved algorithm gives a semantics expression of query and a method of constructing the connected join pairs.