A Risk Assessment Model Using Incomplete Attack Graphs Analysis

doi:10.13190/jbupt.201003.57.wuh

JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM ›› 2010, Vol. 33 ›› Issue (3): 57-61.doi: 10.13190/jbupt.201003.57.wuh

• Papers • Previous Articles Next Articles

A Risk Assessment Model Using Incomplete Attack Graphs Analysis

WU Huan^1,2, PAN Lin^1,2, WANG Xiao-zhen^1,2, XU Rong-sheng¹

(1. Computing Center, Institute of High Energy Physics, Chinese Academy
of Sciences, Beijing 100049, China; 
2. Graduate School, Chinese Academy of Sciences, Beijing 100049, China)

Received:2009-07-21 Revised:2010-02-21 Online:2010-06-28 Published:2010-05-14

Abstract

Abstract:

To solve the hysteresis problem of complete attack graphs analysis method, the existing attack

graphs analysis is researched. By importing uncertain and unknown information, an incomplete

attack graphs analysis (IAGA) method is proposed. A risk assessment model based on IAGA

(IAGARAM) is also proposed, that will prevent asset losses from real intrusion activities, and is

applicable to the business life cycle.

Key words: attack graphs, attack path, incomplete attack graphs analysis, risk assessment, risk management

CLC Number:

TP309

WU Huan, PAN Lin, WANG Xiao-zhen, XU Rong-sheng.

A Risk Assessment Model Using Incomplete Attack Graphs Analysis [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2010, 33(3): 57-61.

[1] 刘晶, 伏飞, 戴江山, 等. 一种基于动态建链推理的网络攻击过程分析方法[J]. 电子科技大学学报, 2006, 35(5): 819-822. Liu Jing, Fu Fei, Dai Jiangshan, et al. A method of the network attack process analysis based on dynamic linking inference[J]. Journal of University of Electronic Science and Technology of China, 2006, 35(5): 819-822.
[2] Noel S, Robertson E, Jajodia S. Correlating intrusion events and building attack scenarios through attack graph distances//Proceedings of the 20th Annual Computer Security Applications Conference. : IEEE Computer Society, 2004: 350-359.
[3] Wang Lingyu, Singhal A, Jajodia S. Measuring the overall security of network configurations using attack graphs//Data and Applications Security 2007. Heidelberg: Springer, 2007: 98-112.
[4] Ammann P, Wijesekera D, Kaushik S. Scalable, graph-based network vulnerability analysis//Proceedings of the 9th ACM Conference on Computer and Communications Security. Washington D C: ACM Press, 2002: 217-224.
[5] 张永铮, 方滨兴, 迟悦, 等. 网络风险评估中网络节点关联性的研究[J]. 计算机学报, 2007, 30(2): 234-240. Zhang Yongzheng, Fang Binxing, Chi Yue, et al. Research on network node correlation in network risk assessment[J]. Chinese Journal of Computers, 2007, 30(2): 234-240.
[6] Chen Feng, Su Jinshu. A flexible approach to measuring network security using attack graphs//2008 International Symposium on Electronic Commerce and Security. Guangzhou: IEEE Computer Society, 2008: 426-431.
[7] 刘芳. 信息系统安全评估理论及其关键技术研究. 长沙: 国防科学技术大学, 2005.
[8] 邓新颖, 杨庚, 姚放吾, 等. 基于多阶段网络攻击的网络风险评估方法研究[J]. 计算机工程与应用, 2006, 42(18): 133-135, 203. Deng Xinying, Yang Geng, Yao Fangwu, et al. A network risk assessment method based on multi-stage network attack[J]. Computer Engineering and Applications, 2006, 42(18):133-135, 203.

A Risk Assessment Model Using Incomplete Attack Graphs Analysis

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 7

Recommended Articles

Metrics

Comments

[1]	YANG Hongyu, YUAN Haihang, ZHANG Liang. A Risk Assessment Method of Network Host Node with Host Importance [J]. Journal of Beijing University of Posts and Telecommunications, 2022, 45(2): 16-21.
[2]	YANG Hong-yu, ZHANG Le, ZHANG Liang. An Information System Risk Assessment Method Based on Risk Propagation [J]. Journal of Beijing University of Posts and Telecommunications, 2021, 44(4): 41-48.
[3]	ZHAO Jian, WANG Rui, LI Zheng-min, LEI Min, MA Min-yao. Security Threats and Risk Assessment of IoT System [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2017, 40(s1): 135-139.
[4]	LEI Min, LIU Xiao-ming, ZHANG Hong, WANG Mian, YANG Yu. Research on Security Threats and Risk Assessment of Web Information System [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2016, 39(s1): 87-93.
[5]	GE Hai-hui, ZHENG Shi-hui, CHEN Tian-ping, YANG Yi-xian. Fuzzy Risk Assessment of Information Security Threat Scenario [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2013, 36(6): 89-92,107.
[6]	. Network Security Analysis Based on Host-Security-Group [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2012, 35(1): 19-23.
[7]	LuZhenbang,ZHOU Bo. Hierarchical Risk Assessment Based on Shapley Entropies and Choquet Integrals [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2009, 32(6): 83-87.