Research of Quantitative Vulnerability Assessment Based on Attack Graphs

Computer Engineering & Science ›› 2010, Vol. 32 ›› Issue (10): 8-11.

Previous Articles Next Articles

Research of Quantitative Vulnerability Assessment Based on Attack Graphs

CHEN Feng1，ZHANG Yi1，BAO Aihua2，SU Jin shu1

(1.School of Computer Science，National University of Defense Technology，Changsha 410073;
2.School of Information Systems and Management,National University of Defense Technology,Changsha 410073,China)

Received:2008-10-24 Revised:2008-12-03 Online:2010-09-29 Published:2010-09-29

Abstract

Abstract:

Attack graph is a modelbased vulnerability analysis technology. It may automatically analyze the interrelation among vulnerabilities in the network and the potential threat resulting from the vulnerabilities，which is one of problems the quantitative vulnerability assessment must solve. This paper proposes a novel quantitative vulnerability assessment method based on attributebased attack graphs. First attributebased attack graphs and valid attack paths are formally described， and maximal reachable probability is adopted to measure the vulnerability of the key attribute set of the target network. An algorithm for computing maximal reachable probability is presented to solve the problem of loop attack paths. Finally， because some data may not be obtained in practical assessment，the conception of creditability is introduced to measure the impact of absent data on the result.

Key words: attack graph, valid attack path, maximal reachable probability, creditability

CHEN Feng1, ZHANG Yi1, BAO Aihua2, SU Jin shu1. Research of Quantitative Vulnerability Assessment Based on Attack Graphs[J]. Computer Engineering & Science, 2010, 32(10): 8-11.

[1]	ZHANG Yufeng,LOU Fang,ZHANG Li. Security assessment of web applications based on software attack surface [J]. J4, 20160101, 38(01): 73-77.
[2]	LI Yan，HUANG Guang-qiu. A new attack intent detection method based on possible graph [J]. Computer Engineering & Science, 2017, 39(04): 698-707.
[3]	LI Yan，HUANG Guang-qiu，ZHANG Bin. A risk assessment framework based on attack events in dynamic networks [J]. Computer Engineering & Science, 2016, 38(09): 1803-1811.
[4]	ZHANG Yufeng,LOU Fang,ZHANG Li. Security assessment of web applications based on software attack surface [J]. J4, 2016, 38(01): 73-77.
[5]	HE Zhiqiang，LOU Fang，LI Liang. Attack Graph Optimization Based on Attack Distance [J]. J4, 2012, 34(2): 9-12.
[6]	ZHAO Bao1，ZHANG Yi2,MENG Yuan1. A Backward Search Approach to Attack Graph Generation Based on Attack Patterns [J]. J4, 2011, 33(7): 18-24.
[7]	ZHU Ming1，YIN Jianping1，CHENG Jieren1,2，LIU Qiang1，LIN Jiarun1. A Method of Generating the MultiTargets Attack Graphs Based on Greedy Policies [J]. J4, 2010, 32(6): 22-25.

Research of Quantitative Vulnerability Assessment Based on Attack Graphs

PDF

Knowledge

Abstract

Cite this article

share this article

Related Articles 7

Recommended Articles

Metrics

Comments