An Attack Graph Based Metric for Security Evaluation of Computer Networks

nowadays computer networks face with multi-step attacks, during which, intruder exploits multiple vulnerabilities in a specific manner to attack his victim. So for assessing network security it is essential to understand which vulnerabilities and how must be exploited by the attacker to reach his goal. Such information can be obtained by modeling the network with attack graph. Current approaches for security assessment lack quantitative nature whereas for accurate decision making in security improvement of the network, it is necessary to measure security risk of possible attacks in the network quantitatively. In this paper an attack graph based security metric was proposed that can measure security risk of possible attacks in the network quantitatively. This metric can compute risk degradation options in terms of maximizing security and minimizing cost. Our security metric can be used to calculate total network security quantitatively and can be used for performing cost-benefit tradeoff in network hardening systems. The result of using the proposed metric with one network hardening framework on one well-known example is shown in this paper.