Evaluating the Effectiveness of Security Metrics for Dynamic Networks
Title | Evaluating the Effectiveness of Security Metrics for Dynamic Networks |
Publication Type | Conference Paper |
Year of Publication | 2017 |
Authors | Yusuf, S. E., Ge, M., Hong, J. B., Alzaid, H., Kim, D. S. |
Conference Name | 2017 IEEE Trustcom/BigDataSE/ICESS |
Keywords | Adaptation models, Analytical models, attack cost, Attack Graphs, attack trees, composability, comprehensive analysis, computer network security, configuration changes, cyber security, Databases, dynamic networks, graphical security models, Measurement, Metrics, modern enterprise network security, network system security posture, pubcrawl, resilience, Resiliency, security, security assessment, security metrics, Servers, shortest attack path, temporal hierarchical attack representation model, trees (mathematics), Workstations |
Abstract | It is difficult to assess the security of modern enterprise networks because they are usually dynamic with configuration changes (such as changes in topology, firewall rules, etc). Graphical security models (e.g., Attack Graphs and Attack Trees) and security metrics (e.g., attack cost, shortest attack path) are widely used to systematically analyse the security posture of network systems. However, there are problems using them to assess the security of dynamic networks. First, the existing graphical security models are unable to capture dynamic changes occurring in the networks over time. Second, the existing security metrics are not designed for dynamic networks such that their effectiveness to the dynamic changes in the network is still unknown. In this paper, we conduct a comprehensive analysis via simulations to evaluate the effectiveness of security metrics using a Temporal Hierarchical Attack Representation Model. Further, we investigate the varying effects of security metrics when changes are observed in the dynamic networks. Our experimental analysis shows that different security metrics have varying security posture changes with respect to changes in the network. |
URL | https://ieeexplore.ieee.org/document/8029451/ |
DOI | 10.1109/Trustcom/BigDataSE/ICESS.2017.248 |
Citation Key | yusuf_evaluating_2017 |
- graphical security models
- Workstations
- trees (mathematics)
- temporal hierarchical attack representation model
- shortest attack path
- Servers
- security assessment
- security
- Resiliency
- resilience
- network system security posture
- modern enterprise network security
- Metrics
- Measurement
- Security Metrics
- dynamic networks
- Databases
- cyber security
- configuration changes
- computer network security
- comprehensive analysis
- composability
- attack trees
- attack graphs
- attack cost
- Analytical models
- Adaptation models
- pubcrawl