张鑫,顾庆,陈道蓄

DOI: https://doi.org/10.3969/j.issn.1002-137x.2009.09.032

2009-01-01

Computer Science

Abstract:Quality of protection can be seen as the security target of security modules when doing their security treatments,which can be judged by quantitative criteria.The question of how to evaluate whether the current software system has fulfills the quality of protection target objectively and effectively has become one of the hotspots of research.Currently,however,most security professionals use the qualitative method for security evaluation,which is highly subjective and makes the evaluation result dependent on the individual experience and thus unreliable.So what needed are substantive and quantitative security metrics.Because of the complexity and the difficulty of implementing the security metrics,a novel security evaluation model was presented in this paper,which analyzed the relative security level of given systems from the views of attack surface,denial of service and attack graph.At last,a general discussion for the process and the result of the evaluation were given.

Xiaohu Li,T. Paul Parker,Shouhuai Xu

DOI: https://doi.org/10.1109/aina.2007.138

2007-01-01

Abstract:Traditional security analyses are often geared towards cryptographic primitives or protocols. Although such analyses are absolutely necessary, they do not provide much insight for answering an equally important question: what is the security assurance of a physically or logically networked system when we consider it as a whole? This question is known to be notoriously difficult, and the state-of-the-art is that we know very little about it. In this paper, we make a step towards resolving it with a new modeling approach.

Alex Ramos,Marcella Lazar,Raimir Holanda Filho,Joel J. P. C. Rodrigues

DOI: https://doi.org/10.1109/comst.2017.2745505

2017-01-01

Abstract:Network security metrics (NSMs) based on models allow to quantitatively evaluate the overall resilience of networked systems against attacks. For that reason, such metrics are of great importance to the security-related decision-making process of organizations. Considering that over the past two decades several model-based quantitative NSMs have been proposed, this paper presents a deep survey of the state-of-the-art of these proposals. First, to distinguish the security metrics described in this survey from other types of security metrics, an overview of security metrics, in general, and their classifications is presented. Then, a detailed review of the main existing model-based quantitative NSMs is provided, along with their advantages and disadvantages. Finally, this survey is concluded with an in-depth discussion on relevant characteristics of the surveyed proposals and open research issues of the topic.

computer science, information systems,telecommunications

Yukun Zheng,Kun Lv,Changzhen Hu

DOI: https://doi.org/10.1007/978-3-319-64701-2_25

2017-01-01

Abstract:With the rapid development of network, network security issues become increasingly important. It is a tough challenge to evaluate the network security due to the increasing vulnerabilities. In this paper, we propose a quantitative method for evaluating network security based on attack graph. We quantify the importance of nodes and the maximum reachable probability of nodes, and construct a security evaluation function to calculate the security risk score. Our approach focuses on the attacker's view and considers the most important factors that may affect the network security. The parameters we use are easily to be acquired in any network. Thus, the assessment score gotten through the evaluation function can comprehensively reflect the security level. According to the security risk value, security professionals can take appropriate countermeasures to harden the network. Experimental results prove that this model solves the security evaluation problem efficiently.

Simon Yusuf Enoch,Jin B. Hong,Mengmeng Ge,Dong Seong Kim

DOI: https://doi.org/10.48550/arXiv.2007.03486

2020-07-07

Cryptography and Security

Abstract:Security metrics present the security level of a system or a network in both qualitative and quantitative ways. In general, security metrics are used to assess the security level of a system and to achieve security goals. There are a lot of security metrics for security analysis, but there is no systematic classification of security metrics that are based on network reachability information. To address this, we propose a systematic classification of existing security metrics based on network reachability information. Mainly, we classify the security metrics into host-based and network-based metrics. The host-based metrics are classified into metrics ``without probability" and "with probability", while the network-based metrics are classified into "path-based" and "non-path based". Finally, we present and describe an approach to develop composite security metrics and it's calculations using a Hierarchical Attack Representation Model (HARM) via an example network. Our novel classification of security metrics provides a new methodology to assess the security of a system.

Zhijun Zhang

2011-01-01

Abstract:As the use of distributed deployment of a large number of heterogeneous security devices in order to build network security defense system generates a mass of security event information which is difficult to effectively manage and the security monitoring systems that are deployed in different places are difficult to manage integratedly, united platform model for network security management is proposed. According to the actual distribution of Yunnan security monitoring systems, the platform establish a level of information system by the use of distributed technology. Platform designs and analyzes its oriented network security managers system architecture and uses risk assessment and event correlation to analyze network operating conditions in real-time, reduce false alarm ratio so that network security managers can find security accidents precisely and respond promptly. And then the paper describes key technologies such as distributed data model,secure event standardization model,secure communication and control protocol in detail.

Xiu-Zhen Chen,Qing-Hua Zheng,Xiao-Hong Guan,Chen-Guang Lin,Jie Sun

DOI: https://doi.org/10.1016/j.cose.2004.08.009

IF: 5.105

2005-01-01

Computers & Security

Abstract:How to evaluate network security threat quantitatively is one of key issues in the field of network security, which is vital for administrators to make decision on the security of computer networks. A novel model of security threat evaluation with a series of quantitative indices is proposed on the analysis of prevalent network intrusions. This model is based on multiple behavior information fusion and two indices of privilege validity and service availability that are proposed to evaluate the impact of prevalent network intrusions on system security, so as to provide security evolution over time, i.e., monitor security changes with respect to modification of security factors. The Markov model and the algorithm of D-S evidence reasoning are proposed to measure these two indices, respectively. Compared with other methods, this method mitigates the impact of unsuccessful intrusions on threat evaluation. It evaluates the impact of important intrusions on system security comprehensively and helps administrators to insight into intrusion steps, determine security state and identify dangerous intrusion traces. Testing in a real network environment shows that this method is reasonable and feasible in alleviating the tremendous task of data analysis and facilitating the understanding of the security evolution of the system for its administrators.

Anming Xie,Weiping Wen,Li Zhang,Jianbin Hu,Zhong Chen

DOI: https://doi.org/10.1109/MINES.2009.136

2009-01-01

Abstract:Since attack graphs provide practical attack context and relationships among vulnerabilities, researchers have been trying to evaluate network security based on attack graphs. However, previous works focus their attention on specific evaluations they concerned, and each does things in his own way. There is no explicit way telling network administrators how to measure network security in a general way. In this paper, we propose a new metric framework, whose main goal is to guide people to perform evaluations based on attack graphs. The main components of proposed metric framework include security index, target of evaluation, elementary attribute, composition algorithm, and arithmetic operators. Relative definitions and analysis of these five components are also given. The following examples show the applications of our metric framework, and validate it.

Yue Zhang,Wang Zhao

DOI: https://doi.org/10.1109/icngn59831.2023.10396667

2023-01-01

Abstract:The rapid development of information technology has greatly improved the level of enterprise informatization. However, while providing a variety of services to users, there may also be security issues such as data breaches, denial of service attacks, and extortion attempts. To address the aforementioned issues and enhance the security of information systems, multiple security devices have implemented protective measures. However, relying solely on the configuration and construction of security facilities cannot fundamentally resolve network security issues. Therefore, an important challenge currently faced is how to quantitatively assess, evaluate, and guide security personnel to optimize the configuration of the network security system. This is a significant matter that requires careful consideration.Currently, most existing quantitative security evaluation schemes focus on assessing security risks, but the entire security protection system has not been utilized as an evaluation criterion, and its protective effectiveness has not been quantitatively evaluated. Simultaneously, establishing quantitative connections between security impact factors and the security protection system, linking the protection effectiveness of individual security devices to overall security protection effectiveness, and then optimizing and improving the protection effectiveness have become critical bottlenecks in measuring the protection effectiveness of the network security protection system.

Xiuzhen Chen,Qinghua Zheng,Xiaohong Guan,Chenguang Lin

DOI: https://doi.org/10.3321/j.issn:0253-987X.2004.04.019

2004-01-01

Abstract:Aiming at the deficiency that is unable to provide useful security situation information encountered in the cur2 rent security evaluation systems , a hierarchical and quantitative model , which is used to evaluate security situation of net2 worked systems , and its corresponding computation method are proposed based on the importance of service , host , and the structure of the network system. This model adopts the evaluation policy from bottom to top and from local to global , calculates the risk indexes of service , host and whole network system by weighting the importance of service and host based on the analysis of attack frequency and its severity , and further evaluates their security situation. Experiments on the HoneyNet dataset show that this system can evaluate the security situation in three levels : service , host and local area network system. It provides system administrators with system intuitive security situation curve and releases them from the exhausting task of alert analysis.

Ángel Longueira-Romero,Rosa Iglesias,David Gonzalez,Iñaki Garitano

DOI: https://doi.org/10.48550/arXiv.2112.05475

2021-12-10

Abstract:Embedded Systems (ES) development has been historically focused on functionality rather than security, and today it still applies in many sectors and applications. However, there is an increasing number of security threats over ES, and a successful attack could have economical, physical or even human consequences, since many of them are used to control critical applications. A standardized and general accepted security testing framework is needed to provide guidance, common reporting forms, and the possibility to compare the results along the time. This can be achieved by introducing security metrics into the evaluation or assessment process. If carefully designed and chosen, metrics could provide a quantitative, repeatable and reproducible value that would reflect the level of security protection of the ES. This paper analyzes the features that a good security metric should exhibit, introduces a taxonomy for classifying them, and finally, it carries out a literature survey on security metrics for the security evaluation of ES. In this review, more than 500 metrics were collected and analyzed. Then, they were reduced to 169 metrics that have the potential to be applied to ES security evaluation. As expected, the 77.5 % of them is related exclusively to software, and only the 0.6 % of them addresses exclusively hardware security. This work aims to lay the foundations for constructing a security evaluation methodology that uses metrics to quantify the security level of an ES.

Cryptography and Security

Volodymyr Buriachok,Volodymyr Sokolov,Pavlo Skladannyi

DOI: https://doi.org/10.48550/arXiv.1906.10877

2019-06-26

Cryptography and Security

Abstract:The paper examines quantitative assessment of wireless distribution system security, as well as an assessment of risks from attacks and security violations. Furthermore, it describes typical security breach and formal attack models and five methods for assessing security. The proposed normalized method for assessing the degree of security assurance operates with at least three characteristics, which allows comparatively analyze heterogeneous information systems. The improved calculating formulas have been proposed for two security assessment methods, and the elements of functional-cost analysis have been applied to calculate the degree of security. To check the results of the analysis, the coefficient of concordance was calculated, which gives opportunity to determine the quality of expert assessment. The simultaneous use of several models to describe attacks and the effectiveness of countering them allows us to create a comprehensive approach to countering modern security threats to information networks at the commercial enterprises and critical infrastructure facilities.

Michael D. Iannacone,Robert A. Bridges

DOI: https://doi.org/10.48550/arXiv.1902.00053

2019-10-25

Abstract:Metrics and frameworks to quantifiably assess security measures have arisen from needs of three distinct research communities - statistical measures from the intrusion detection and prevention literature, evaluation of cyber exercises, e.g.,red-team and capture-the-flag competitions, and economic analyses addressing cost-versus-security tradeoffs. In this paper we provide two primary contributions to the security evaluation literature - a representative survey, and a novel framework for evaluating security that is flexible, applicable to all three use cases, and readily interpretable. In our survey of the literature we identify the distinct themes from each community's evaluation procedures side by side and flesh out the drawbacks and benefits of each. The evaluation framework we propose includes comprehensively modeling the resource, labor, and attack costs in dollars incurred based on expected resource usage, accuracy metrics, and time. This framework provides a unified approach in that it incorporates the accuracy and performance metrics, which dominate intrusion detection evaluation, the time to detection and impact to data and resources of an attack, favored by educational competitions' metrics, and the monetary cost of many essential security components used in financial analysis. Moreover, it is flexible enough to accommodate each use case, easily interpretable and comparable, and comprehensive in terms of costs <a class="link-external link-http" href="http://considered.Finally" rel="external noopener nofollow">this http URL</a>, we provide two examples of the framework applied to real-world use cases. Overall, we provide a survey and a grounded, flexible framework with multiple concrete examples for evaluating security which can address the needs of three currently distinct communities.

Cryptography and Security

CHEN Xiu-Zhen,ZHENG Qing-Hua,GUAN Xiao-Hong,LIN Chen-Guang

DOI: https://doi.org/10.1360/jos170885

2006-01-01

Journal of Software

Abstract:Evaluating security threat status is very important in network security management and analysis. A quantitative hierarchical threat evaluation model is developed in this paper to evaluate security threat status of a computer network system and the computational method is developed based on the structure of the network and the importance of services and hosts. The evaluation policy from bottom to top and from local to global is adopted in this model. The threat indexes of services, hosts and local networks are calculated by weighting the importance of services and hosts based on attack frequency, severity and network bandwidth consumption, and the security threat status is then evaluated. The experiment results show that this model can provide the intuitive security threat status in three hierarchies: services, hosts and local networks so that system administrators are freed from tedious analysis tasks based on the alarm datasets to have overall security status of the entire system. It is also possible for them to find the security behaviors of the system, to adjust the security strategies and to enhance the performance on system security. This model is valuable for guiding the security engineering practice and developing the tool of security risk evaluation.

Xiaohu Li,Timothy Paul Parker,Shouhuai Xu

DOI: https://doi.org/10.1109/tdsc.2008.75

2011-01-01

Abstract:Traditional security analyses are often geared toward cryptographic primitives or protocols. Although such analyses are necessary, they cannot address a defender's need for insight into which aspects of a networked system having a significant impact on its security, and how to tune its configurations or parameters so as to improve security. This question is known to be notoriously difficult to answer, and the state of the art is that we know little about it. Toward ultimately addressing this question, this paper presents a stochastic model for quantifying security of networked systems. The resulting model captures two aspects of a networked system:1) the strength of deployed security mechanisms such as intrusion detection systems and 2) the underlying vulnerability graph, which reflects how attacks may proceed. The resulting model brings the following insights: 1) How should a defender “tune” system configurations (e.g., network topology) so as to improve security? 2) How should a defender “tune” system parameters (e.g., by upgrading which security mechanisms) so as to improve security? 3) Under what conditions is the steady-state number of compromised entities of interest below a given threshold with a high probability? Simulation studies are conducted to confirm the analytic results, and to show the tightness of the bounds of certain important metric that cannot be resolved analytically.

Jie Ma,Shuanbao Li

DOI: https://doi.org/10.1155/2022/7300977

2022-05-13

Scientific Programming

Abstract:This article proposes a computer network security defense system model based on multisource big data, which makes the security of computer networks more complete because of the shortage of current computer network security defense systems. The current network security situation is analyzed, and the problems faced in the field of network security are pointed out; then, multisource big data is introduced, and the characteristics of the multisource big data model are analyzed. This article proposes an information system network security model, which formally describes the relationship between network behavior among nodes, security threats, network attacks, and defense capability of security devices in an information system. After that, a network security defense system measurement scheme is constructed based on hierarchical analysis, and quantitative indicators of defense effectiveness are defined in two dimensions: risk severity of security threats and defense response actions of security devices, which enables quantitative evaluation of the security defense system, and then identifies omissions and defects of the network security defense system. A defense system measurement and optimization system is designed based on the proposed network security system measurement and optimization scheme. The application analysis of the project is combined with the actual scenarios. Through the evaluation and optimization of the security defense system in the natural methods, it is proved that the network security defense system evaluation and optimization scheme proposed in this article has reasonableness and effectiveness in the actual application.

computer science, software engineering

Xuesong Huo,Ming Zhang,Hongqin Zhu,Wei Li

DOI: https://doi.org/10.1109/cbd54617.2021.00052

2021-01-01

Abstract:At present, most of the security situation assessment methods for the power monitoring system only consider the network factors, ignore the security factors inside the system, and the weight distribution of assessment indicators is subjective. This paper analyzes the security factors affecting the power monitoring system, and gives the security situation assessment indicator system of the power monitoring system. On this basis, the security situation of each equipment is assessed based on Support Vector Regression, and the weight is calculated according to the importance of the security area division of the power monitoring system where different equipment is located. Finally, the overall security situation of the power monitoring system is comprehensively evaluated through weighted summation. On the one hand, it can improve the accuracy, the flexibility and the expansibility of the security situation assessment for the power monitoring system. On the other hand, it can also trace the source of security problems in the power monitoring system, which is convenient for managers to isolate risks quickly and efficiently or take defense strategies.

Qiaomu Jiang,Yiqin Lu,Bin Wang,Linxia Zhang,Wen Long

DOI: https://doi.org/10.1109/icct56141.2022.10072804

2022-01-01

Abstract:This paper focuses on the security of state estimation in supervisory control and data acquisition (SCADA) system in smart grids. The security index has been wildly studied to evaluate the vulnerability of SCADA systems under various types of cyber attacks, e.g., the false data injection (FDI) attack and distributed denial of service (DDoS) attack. However, it is shown that the calculation of security index is an NP-hard problem. Therefore, we propose an algebraic polynomial-time algorithm to calculate the security indices iteratively based on the orthogonal projection technique. Since existing modeling methods of security index only consider the attack overhead, without considering the impact of cyber attacks on the system performance, a novel hybrid security index is constructed. In the hybrid security index, the overheads of FDI attacks, DDoS attacks, and the impact of attack on the estimation error are considered simultaneously. Numerical results show that the protection of some critical measurements can enhance the overall security of SCADA systems.

Quande Yuan,Yuzhen Pi,Lei Kou,Fangfang Zhang,Bo Ye

DOI: https://doi.org/10.48550/arXiv.2211.14422

IF: 14.4

2022-11-26

Artificial Intelligence

Abstract:Cybersecurity is the security cornerstone of digital transformation of the power grid and construction of new power systems. The traditional network security situation quantification method only analyzes from the perspective of network performance, ignoring the impact of various power application services on the security situation, so the quantification results cannot fully reflect the power information network risk state. This study proposes a method for quantifying security situation of the power information network based on the evolutionary neural network. First, the security posture system architecture is designed by analyzing the business characteristics of power information network applications. Second, combining the importance of power application business, the spatial element index system of coupled interconnection is established from three dimensions of network reliability, threat, and vulnerability. Then, the BP neural network optimized by the genetic evolutionary algorithm is incorporated into the element index calculation process, and the quantitative model of security posture of the power information network based on the evolutionary neural network is constructed. Finally, a simulation experiment environment is built according to a power sector network topology, and the effectiveness and robustness of the method proposed in the study are verified.

Giacomo Gori,Lorenzo Rinieri,Andrea Melis,Amir Al Sadi,Franco Callegati,Marco Prandini

DOI: https://doi.org/10.3390/electronics13071208

IF: 2.9

2024-03-26

Electronics

Abstract:Nowadays, as the cyber-threat landscape is evolving and digital assets are proliferating and becoming more and more interconnected with the internet and heterogeneous devices, it is fundamental to be able to obtain a sensible measure of the security of devices, networks, and systems. Industrial cyber–physical systems (ICPSs), in particular, can be exposed to high operational risks that entail damage to revenues, assets, and even people. A way to overcome the open question of measuring security is with the use of security metrics. With metrics it is possible to rely on proven indicators that benchmark systems, identify vulnerabilities, and show practical data to assess the risk. However, security metrics are often proposed with specific contexts in mind, and a set of them specifically crafted for ICPSs is not explicitly available in the literature. For this reason, in this work, we analyze the current state of the art in the selection of security metrics and we propose a systematic methodology to gather, filter, and validate security metrics. Then, we apply the procedure to the ICPS domain, gathering almost 300 metrics from the literature, analyzing the domain to identify the properties useful to filter the metrics, and applying a validation framework to assess the validity of the filtered metrics, obtaining a final set capable of measuring the security of ICPSs from different perspectives.

engineering, electrical & electronic,computer science, information systems,physics, applied