论文信息 - A Quantitative Evaluation Model for Network Security

A Quantitative Evaluation Model for Network Security

The existing network security assessment models have the problems of inadequate capacity of quantitative analysis and lacking for vulnerabilities correlation. To address these problems, a hierarchical network security evaluation model is proposed. The network is divided into vulnerability level, service level, equipment level and network level. The model uses attack graph to correlate the network vulnerabilities, and then calculates the probabilities of successfully exploiting the vulnerabilities. On this basis, the quantitative risks of each level are calculated. Since this model much more accords with the features of network structure, it is an effectively guidance for the network administrators to develop and improve the network security policies.

Wu Yang | Wei Wang | Lejun Zhang | Yongtian Yang | Dapeng Man

[1] Chen Xiu. Quantitative Hierarchical Threat Evaluation Model for Network Security , 2006 .

[2] Igor V. Kotenko,et al. Attack Graph Based Evaluation of Network Security , 2006, Communications and Multimedia Security.

[3] Xinming Ou,et al. A scalable approach to attack graph generation , 2006, CCS '06.

[4] Edmund M. Clarke,et al. Ranking Attack Graphs , 2006, RAID.

[5] Rayford B. Vaughn,et al. Cluster Security Research Involving the Modeling of Network Exploitations Using Exploitation Graphs , 2006, Sixth IEEE International Symposium on Cluster Computing and the Grid (CCGRID'06).

[6] Duminda Wijesekera,et al. Scalable, graph-based network vulnerability analysis , 2002, CCS '02.

[7] Andy Ju An Wang. Information security models and metrics , 2005, ACM-SE 43.

[8] Hu Ming-zeng. Research on privilege-escalating based vulnerability taxonomy with multidimensional quantitative attribute , 2004 .

[9] Ehab Al-Shaer,et al. Vulnerability analysis For evaluating quality of protection of security policies , 2006, QoP '06.

[10] Dariusz Wawrzyniak,et al. Information Security Risk Assessment Model for Risk Management , 2006, TrustBus.

[11] Roland Rieke. Modelling and Analysing Network Security Policies in a Given Vulnerability Setting , 2006, CRITIS.