ChinaCom2009-Network and Information Security Symposium

Research Article

Using attack graphs and intrusion evidences to extrapolate network security state

  • @INPROCEEDINGS{10.1109/CHINACOM.2009.5339841,
        author={Shaojun Zhang and Lan Li and Jianhua Li and Shanshan Song and Xiuzhen Chen},
        title={Using attack graphs and intrusion evidences to extrapolate network security state},
        proceedings={ChinaCom2009-Network and Information Security Symposium},
        publisher={IEEE},
        proceedings_a={CHINACOM2009-NIS},
        year={2009},
        month={11},
        keywords={Network security; attack graph; intrusion evidence; Bayesian inference},
        doi={10.1109/CHINACOM.2009.5339841}
    }
    
Shaojun Zhang1,*, Lan Li1,*, Jianhua Li1,*, Shanshan Song1,*, Xiuzhen Chen1,*
  • 1: School of Information Security Engineering, Shanghai Jiaotong University, Shanghai, China; Shanghai Key Laboratory for Information Security Integrated Management Technology Research, Shanghai, China
*Contact email: zshaojun@sjtu.edu.cn, lanli@sjtu.edu.cn, lijh888@sjtu.edu.cn, songss1985@sjtu.edu.cn, chenxz@sjtu.edu.cn

Abstract

Network attack graphs were originally used to evaluate what the worst security state would be if a network came under attack. Combined with observed intrusion evidence, attack graphs can also be used to extrapolate the current security state of the network concerned. Methods have been proposed in recent years that use observed intrusion evidence to compute the node belief metric of network attack graphs. However, these methods suffer from low model generality, high computational complexity, or excessive dependence on empirical formulas. To overcome these obstacles, we improve one of the Bayesian network inference algorithms, the likelihood weighting algorithm, into a novel node belief metric computation method. Experimental results show that our method achieves high computational accuracy with linear computational complexity, which makes it feasible for processing large-scale network attack graphs in real time.