Yunpeng Li,Xi Li

DOI: https://doi.org/10.1155/2021/9921731

2021-05-07

Scientific Programming

Abstract:With the rapid development of the Internet, network attacks often occur, and network security is widely concerned. Searching for practical security risk assessment methods is a research hotspot in the field of network security. Network attack graph model is an active detection technology for the attack path. From the perspective of the attacker, it simulated the whole network attack scenario and then presented the dependency among the vulnerabilities in the target network in the way of directed graph. It is an effective tool for analyzing network vulnerability. This paper describes in detail the common methods and tools of network security assessment and analyzes the construction of theoretical model of attack graph, the optimization technology of attack graph, and the research status of qualitative and quantitative analysis technology of attack graph in network security assessment. The attack graph generated in the face of large-scale network is too complex to find the key vulnerability nodes accurately and quickly. Optimizing the attack graph and solving the key attack set can help the security manager better understand the security state of the nodes in the network system, so as to strengthen the security defense ability and guarantee the security of the network system. For all kinds of loop phenomena of directed attribute attack graph, the general method of eliminating loop is given to get an acyclic attack graph. On the basis of acyclic attack graph, an optimization algorithm based on path complexity is proposed, which takes atomic attack distance and atomic weight into consideration, and on the basis of simplified attack graph, minimum-cost security reinforcement is carried out for the network environment. Based on the ant colony algorithm, the adaptive updating principle of changing pheromone and the local searching strategy of the adaptive genetic algorithm are proposed to improve the ant colony algorithm. The experimental results show that compared with the ant colony algorithm, the improved ant colony algorithm can speed up the process of solving the optimal solution. When the number of attack paths is large, the advantages of the improved ant colony algorithm in solving accuracy and late search speed are more obvious, and it is more suitable for large-scale networks.

computer science, software engineering

Yukun Zheng,Kun Lv,Changzhen Hu

DOI: https://doi.org/10.1007/978-3-319-64701-2_25

2017-01-01

Abstract:With the rapid development of network, network security issues become increasingly important. It is a tough challenge to evaluate the network security due to the increasing vulnerabilities. In this paper, we propose a quantitative method for evaluating network security based on attack graph. We quantify the importance of nodes and the maximum reachable probability of nodes, and construct a security evaluation function to calculate the security risk score. Our approach focuses on the attacker's view and considers the most important factors that may affect the network security. The parameters we use are easily to be acquired in any network. Thus, the assessment score gotten through the evaluation function can comprehensively reflect the security level. According to the security risk value, security professionals can take appropriate countermeasures to harden the network. Experimental results prove that this model solves the security evaluation problem efficiently.

Haihui Ge,Gu, L.,Yixian Yang,Kewei Liu

DOI: https://doi.org/10.1109/icitis.2010.5688764

2010-01-01

Abstract:To evaluate the security situation of hierarchical network, a novel evaluation algorithm based on the method of constructing a security risk function is proposed. The proposed algorithm is the aggregation of qualitative evaluation and quantitative evaluation. We quantify the asset loss (AL) and the threat value of each attack step (TVA) basing on attack graph, and adjust the loss of assets that are of the same type and have different uses with coefficient of asset importance (CAI). Then, we construct a risk evaluation function which is based on the above three parameters. Thus, the assessment score gotten through the evaluation function can comprehensively reflect the risk value including loss, threat of an attack step, and importance of the suffering entity. Finally, we get the risk value by fusing all subnets' risk value in one area, and divide the risk value into 4 security levels. Seen from the case study, the model solves the security evaluation problem for hierarchical network simply and efficiently.

MA Jun-chun,WANG Yong-jun,SUN Ji-yin,CHEN Shan

DOI: https://doi.org/10.3969/j.issn.1001-3695.2012.03.082

2012-01-01

Abstract:In order to improve networks' total security,this paper presented a novel method of assessing network security based on attack graphs.Firstly,it proposed a definition of vulnerability dependence graph based on attack graphs.Secondly,it divided the factors which impact network vulnerability assessment into three parts: the vulnerability character by itself,the network environment and the relationship between vulnerabilities.Finally,according to the size of network topology,using the evaluation policy from bottom to top and from local to global,it gave the vulnerability assessment intuitively in three levels: the vulnerability,the host and the network.Through a large number of repeated laboratory tests,the experimental results show that this method can assess network security efficiently,help network security managers guard the network,which improves networks viability,and improves the ability of responding to sudden attacks.So it has great theoretical value,economic value and social significance.

Yinqian Zhang,Xun Fan,Zhi Xue,Hao Xu

DOI: https://doi.org/10.1109/icycs.2008.406

2008-01-01

Abstract:Multiple-prerequisite graph (MP graph) is a type of attack graph that has been developed to help defending large scale enterprise network. As a middle-level attack graph, it has its unique advantages. However, quantitative security evaluations based on MP graph has not been proposed yet. In this paper, we present two stochastic models for quantitative security evaluation using MP graphs. These models are constructed based on the use of Markov Decision Process to model the attackerpsilas behaviors. The network administrators can use these two models respectively to evaluate security metrics at network designing stage and network defending stage.

Fangfang Dai,Kangfeng Zheng,Shoushan Luo,Bin Wu

DOI: https://doi.org/10.1109/ICC.2015.7249473

2015-01-01

Abstract:Exploit attacks have been one of the major threats to computer network systems, the damage of which has been extensively studied and numerous countermeasures have been proposed to defend against them. In this work, we propose a multiobjective optimization framework to facilitate evaluation of network security under exploit attacks. Our approach explores a promising avenue of integrating attack graph methodology to evaluate network security. In particular, we innovatively utilize attack graph based security metrics to model exploit attacks and dynamically measure security risk under these attacks. Then a multiobjective problem is formulated to maximize network exploitability and security impact under feasible exploit compositions. Furthermore, an artificial immune algorithm is employed to solve the formulated problem. We conduct a series of simulation experiments on hypothetical network models to testify the performance of proposed mechanism. Simulation results show that our approach can innovatively solve the security evaluation problem under multiple decision variables with feasibility and effectiveness.

Zhaocui Li,Huichuan Liu,Chunyan Wu

DOI: https://doi.org/10.1080/23742917.2022.2120293

2022-09-10

Journal of Cyber Security Technology

Abstract:The traditional security detection and defense methods are relatively backward, and there are many problems, such as high false alarm and missed alarm rate, and detection lag, which have been difficult to meet the requirements of computer security defense. In order to strengthen the active defense of computer network security and improve the classification and prediction performance of computer network security events, a computer network security risk assessment model based on mrmr Ig feature selection model and attack graph model is proposed. The mrmr Ig feature selection model is used to classify the characteristics of security events, and the hidden Markov chain model and attack graph model are used to predict the attack intention. The experimental results show that the classification accuracy rate of the model is 99.79%, the false alarm rate and the false alarm rate are 0.11% and 0.18%, respectively. The model can accurately predict attacks in real time, and can provide reference for timely taking targeted computer network security reinforcement and active defense measures.

Wenhui Hu,Long Zhang,Xueyang Liu,Yu Huang,Minghui Zhang,Liang Xing

DOI: https://doi.org/10.1109/bigdatasecurity-hpsc-ids49724.2020.00033

2020-01-01

Abstract:In view of the problem that the overall security of the network is difficult to evaluate quantitatively, we propose the edge authority attack graph model, which aims to make up for the traditional dependence attack graph to describe the relationship between vulnerability behaviors. This paper proposed a network security metrics based on probability, and proposes a network vulnerability algorithm based on vulnerability exploit probability and attack target asset value. Finally, a network security reinforcement algorithm with network vulnerability index as the optimization target is proposed based on this metric algorithm.

Anming Xie,Weiping Wen,Li Zhang,Jianbin Hu,Zhong Chen

DOI: https://doi.org/10.1109/MINES.2009.136

2009-01-01

Abstract:Since attack graphs provide practical attack context and relationships among vulnerabilities, researchers have been trying to evaluate network security based on attack graphs. However, previous works focus their attention on specific evaluations they concerned, and each does things in his own way. There is no explicit way telling network administrators how to measure network security in a general way. In this paper, we propose a new metric framework, whose main goal is to guide people to perform evaluations based on attack graphs. The main components of proposed metric framework include security index, target of evaluation, elementary attribute, composition algorithm, and arithmetic operators. Relative definitions and analysis of these five components are also given. The following examples show the applications of our metric framework, and validate it.

Anmin Xie,Cong Tang,Nike Gui,Zhuhua Cai,Jian-bin Hu,Zhong Chen

DOI: https://doi.org/10.1109/ICC.2010.5502655

2010-01-01

Abstract:To protect our networks against malicious intrusions, we need to evaluate these networks security. Previous works on attack graphs have provided meaningful conclusions on security measurement. However, large attack graphs are still hard to be understood vividly, and few suggestions have been proposed to prevent inside malicious attackers from attacking networks. To address these problems, we propose a novel approach to evaluate network security based on adjacency matrixes, which are constructed from existing attack graphs. With our model, we use gray scale images to show overall security vividly, and get quantitative evaluation scores. Moreover, we create a prioritized list of potential threatening hosts, which can help network administrators to harden network step by step. Analysis on computation cost shows that the upper bound computation cost of our measurement methodology is O(N3), which could be completed in real time. We also give an example to show how to put our methods in practice.

Dapeng Man,Yang Wu,Yongtian Yang,Wei Wang,Lejun Zhang

DOI: https://doi.org/10.1109/cis.2007.75

2007-01-01

Abstract:The existing network security assessment models have the problems of inadequate capacity of quantitative analysis and lacking for vulnerabilities correlation. To address these problems, a hierarchical network security evaluation model is proposed. The network is divided into vulnerability level, service level, equipment level and network level. The model uses attack graph to correlate the network vulnerabilities, and then calculates the probabilities of successfully exploiting the vulnerabilities. On this basis, the quantitative risks of each level are calculated. Since this model much more accords with the features of network structure, it is an effectively guidance for the network administrators to develop and improve the network security policies.

XU Li,YUAN Yi,XUE Zhi

DOI: https://doi.org/10.3969/j.issn.1009-8054.2011.04.020

2011-01-01

Abstract:A large amount of security loophole is one of the important causes leading to the severe general security situation. The study on network security assessment is thus of significant practical importance. This paper describes in detail the method for building up the attack graph model, and gives an auto-generating algorithm of attack graph. An approach by using mathematic model to analyze attack graph for security assessment of network is proposed. With a virtual network environment, the method is verified. The proposed approach is of practical significance in the Study of attack graph.

Yexia Cheng,Yuejin Du,Junfeng Xu,Chunyang Yuan,Zhi Xue

DOI: https://doi.org/10.1109/ccis.2012.6664448

2012-01-01

Abstract:Cloud computing is becoming more and more popular and its security is arising as well. In order to solve security issues and take security evaluation in cloud computing, its corresponding hierarchical security design model is introduced and an approach of security evaluation based on attack graph is proposed in cloud computing environment. Firstly, network threat model and automatic methods are presented to get information for generating attack graph automatically. By using symbolic model checking algorithm, attack graph is generated and visualized. Then, by combining the characteristics of Markov Chain with attack graph, two security evaluation metrics are proposed in cloud computing. They can be used for security evaluation, security hardness and give security suggestions in cloud computing.

Chengyi Cai,Yiheng Zhang,Zhiping Wang,Chongxiang Xue

DOI: https://doi.org/10.1109/siprocess.2019.8868357

2019-01-01

Abstract:As information security has become an increasingly significant issue, it is urgent to take some methods to prevent illegal network attacks. In this paper, a new model for securing network based on attack graph is proposed. Considering both views of attackers and network security engineers, our model contains attack prediction and network fixing strategies. By generating attack graph, our model is developed based on shortest path method and minimal cut theorem, and it can be adopted to figure out possible attacks, unguarded permissions and vulnerabilities to be fixed in the network. Through simulation tests and comparisons, our model is demonstrated to possess certain reliability and suit small-scale networks.

Zhiming Liu,Sheng Li,Jin He,Di Xie,Zhantao Deng

DOI: https://doi.org/10.1109/imccc.2012.50

2012-01-01

Abstract:Today's computer systems face lots of challenges in the fast rate of emerging security problems. To accurately assess the security of computer network systems, one must understand how vulnerabilities can be combined to stage an attack. Attack graphs are important tools for analyzing security vulnerabilities in enterprise networks. However, the complexity of traditional method for generating attack graphs increases dramatically as the network size grows. To solve this problem, the efficiency of attack graph generation method must be improved. Based on the analysis of generation approaches to attack graphs, an attack graph generation method for complex network is proposed in this paper. In this method, the network framework and key nodes can be analyzed and searched by loopholes scanning firstly. Then, starting from these key nodes, the algorithm which combined greedy policy, forward exploration and backward searching is used to generate the attack graph. Experimental results prove that the model can make a comprehensive analysis on network security and research the estimation of network attack.

CHENG Ye-xia,JIANG Wen,XUE Zhi,CHENG Ye-yan

DOI: https://doi.org/10.3969/j.issn.1002-0802.2012.09.028

2012-01-01

Abstract:In order to strengthen the security of network and carry out analysis and assessment of network threats,and based on the characteristics of attack graph,an automatic network threats modeling method for attack graph is proposed.Before generating attack graph,the network threats model is abstracted,including the information of four components such as host,topology,vulnerability and attacker.Then in accordance with the network threats model,the automatic modeling method and its automatic flow are given.Based on these and model checking algorithm,and in combination of Büchi model and CTL description,the attack graph is generated.The research could lay a foundation for the application of attack graph.

Yang Wu,Yang Yongtian,Zhou Yuan,Zhang Bing

DOI: https://doi.org/10.3772/j.issn.1002-0470.2009.02.006

2009-01-01

Abstract:The paper points out that traditional quantitative methods for network security assessment usually lead to the inaccurate assessment results because they neglect the vulnerability correlation in networks and the security requirements of target hosts, and based on the analysis of this, proposes a new one which considers the vulnerability correlation and security requirements. The proposed method uses the attack graph to calculate the probability of network attackers' successful exploitation of the vulnerabilities, and based on this, calculates the effects of the vulnerabilities on the availability, confidentiality and integrity of the hosts. Finally, it assesses the security of the hosts and the network according to the security requirements. The analysis of the example indicates that the acquired assessing results by using this method are more accurate than the traditional methods.

Seyed Mahmood Hashemi,Jingsha He

DOI: https://doi.org/10.6633/ijns.201707.19(4).5

2017-01-01

Abstract:Security is the most important issue in a network system. Administrators can more easily understand threats to the network by using a model. In this paper, we present an approach for modelling a network that considers the benefits of the network as well as its limitations. In our approach, we model the system as an optimization problem, which is solved using three algorithms. As the proposed approach is stochastic, it works very efficiently in a network environment. This paper, presents a mathematical model of the system. Model provides easy comprehend of system. Presented model is based on multi-objective optimization problem. One parameter in the presented model is security and another parameter is user productivity. Security is the most important issue in a network system. Administrators can more easily understand threats to the network by using a model. In this paper, we present an approach for modelling a network that considers the benefits of the network as well as its limitations.

Hongbin Gao,Shangxing Wang,Hongbin Zhang,Bin Liu,Dongmei Zhao,Zhen Liu

DOI: https://doi.org/10.1109/nana56854.2022.00102

2022-01-01

Abstract:This paper has a new network security evaluation method as an absorbing Markov chain-based assessment method. This method is different from other network security situation assessment methods based on graph theory. It effectively refinement issues such as poor objectivity of other methods, incomplete consideration of evaluation factors, and mismatching of evaluation results with the actual situation of the network. Firstly, this method collects the security elements in the network. Then, using graph theory combined with absorbing Markov chain, the threat values of vulnerable nodes are calculated and sorted. Finally, the maximum possible attack path is obtained by blending network asset information to determine the current network security status. The experimental results prove that the method fully considers the vulnerability and threat node ranking and the specific case of system network assets, which makes the evaluation result close to the actual network situation.

Lixia Xie,Xiao Zhang,Jiyong Zhang

DOI: https://doi.org/10.4304/jcp.8.9.2339-2347

2013-01-01

Journal of Computers

Abstract:In order to protect the network and evaluate the network security risks automatically, a new multi-agents risk assessment model based on attack graph (MRAMBAG) is presented. First, a network risk assessment model with master-slave agents is established, especially the functional architecture of master-slave agents and the risk association relation analysis process are designed. Then, the attack path and the attack graph are constructed by using the Attract Graph Building algorithm with the input of the dynamic data information collected by components. Finally, risk indexes of attack path, components, hosts, vulnerabilities and association risk index of network nodes are calculated successively and consequently the security risk quantitative index of target networks are obtained. The experimental results demonstrate that the MRAMBAG is a more feasible and effective way for evaluate the network security risk.