网络与信息安全学报 (Jun 2018)

Risk assessment method for network attack surface based on Bayesian attack graph

  • Yuyang ZHOU, Guang CHENG, Chunsheng GUO

DOI
https://doi.org/10.11959/j.issn.2096-109x.2018053
Journal volume & issue
Vol. 4, no. 6
pp. 11 – 22

Abstract

To address the lack of objective risk assessment for the network attack surface in moving target defense, and to realize security risk assessment for the network system and calculate the potential attack paths, a risk assessment method for the network attack surface based on a Bayesian attack graph is proposed. The network system's resources, its vulnerabilities, and the dependencies between them are used to establish the Bayesian attack graph. Considering the dependencies between nodes, the correlation between resources, and the influence of attacks on the attack path, the probability of each state that attackers can reach and the maximum-probability attack path can be inferred. The experimental results prove the feasibility and effectiveness of the proposed network attack surface risk assessment method, which can provide good support for the selection of dynamic defensive measures for the attack surface.

Keywords