Attack Graph Based Network Risk Assessment: Exact Inference vs Region-Based Approximation
Title | Attack Graph Based Network Risk Assessment: Exact Inference vs Region-Based Approximation |
Publication Type | Conference Paper |
Year of Publication | 2017 |
Authors | Cheng, Q., Kwiat, K., Kamhoua, C. A., Njilla, L. |
Conference Name | 2017 IEEE 18th International Symposium on High Assurance Systems Engineering (HASE) |
Keywords | attack graph, Attack Graphs, belief propagation, Complexity theory, composability, Computers, factor graph, Force, Measurement, message passing, Metrics, Probabilistic logic, pubcrawl, region graph, resilience, Resiliency, risk assessment, risk management |
Abstract | Quantitative risk assessment is a critical first step in risk management and assured design of networked computer systems. It is challenging to evaluate the marginal probabilities of target states/conditions when using a probabilistic attack graph to represent all possible attack paths and the probabilistic cause-consequence relations among nodes. The brute force approach has exponential complexity, and the belief propagation method gives an approximation when the corresponding factor graph has cycles. To improve the approximation accuracy, a region-based method is adopted, which clusters some highly dependent nodes into regions and passes messages among regions. Experiments are conducted to compare the performance of the different methods. |
URL | https://ieeexplore.ieee.org/document/7911875/ |
DOI | 10.1109/HASE.2017.8 |
Citation Key | cheng_attack_2017 |