Chinese Journal of Network and Information Security, 2018, Vol. 4, Issue (6): 11-22. doi: 10.11959/j.issn.2096-109x.2018053


Risk assessment method for network attack surface based on Bayesian attack graph

Yuyang ZHOU (1,2,3), Guang CHENG (1,2,3), Chunsheng GUO (1,2,3)

  1. School of Cyber Science and Technology, Southeast University, Nanjing 211189, China
  2. School of Computer Science and Engineering, Southeast University, Nanjing 211189, China
  3. Key Laboratory of Computer Network and Information Integration of Ministry of Education (Southeast University), Nanjing 211189, China
  • Revised: 2018-06-02 Online: 2018-06-15 Published: 2018-08-08
  • Supported by:
    The National Natural Science Foundation of China (61602114); The National Key R&D Plan Program of China (2017YFB0801703)

Abstract:

To address the lack of objective risk assessment for the network attack surface in moving target defense, and to assess the security risk of a network system and compute its potential attack paths, a risk assessment method for the network attack surface based on a Bayesian attack graph is proposed. The Bayesian attack graph is built from the network system's resources, its vulnerabilities, and the dependencies between them. By taking into account the dependencies between nodes, the correlation between resources, and the influence of attacks on the attack path, the method infers the probability of each state that attackers can reach and the maximum-probability attack path. The experimental results demonstrate the feasibility and effectiveness of the proposed network attack surface risk assessment method, which can support the selection of dynamic defensive measures for the attack surface.

Key words: moving target defense, security risk assessment, Bayesian attack graph, attack surface, attack path
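
The two quantities the abstract names, the probability of each reachable state and the maximum-probability attack path, computed on a small Bayesian attack graph. This is an added example, not the paper's algorithm: it assumes noisy-OR combination of incoming exploits, and the host names and exploit success probabilities are constructed.

```python
from itertools import product

# Constructed sample graph: node -> {parent node: exploit success probability}.
# Names and probabilities are illustrative assumptions, not values from the paper.
GRAPH = {
    "internet": {},                                   # attacker entry point
    "web_srv":  {"internet": 0.8},
    "mail_srv": {"internet": 0.5},
    "app_srv":  {"web_srv": 0.6, "mail_srv": 0.4},
    "db_srv":   {"app_srv": 0.7, "web_srv": 0.3},
}
ORDER = list(GRAPH)            # listed in topological order (parents first)
PRIOR = {"internet": 1.0}      # attacker is assumed to hold the entry state

def local_prob(node, state):
    """P(node compromised | parent states), noisy-OR over compromised parents."""
    parents = GRAPH[node]
    if not parents:
        return PRIOR.get(node, 0.0)
    miss = 1.0                 # probability that every available exploit fails
    for parent, p_exploit in parents.items():
        if state[parent]:
            miss *= 1.0 - p_exploit
    return 1.0 - miss

def marginals():
    """Exact P(node compromised), summing the joint over all 2^n states.

    Enumeration keeps the dependency between nodes that share an ancestor
    (here app_srv and db_srv both depend on web_srv)."""
    out = dict.fromkeys(ORDER, 0.0)
    for bits in product([False, True], repeat=len(ORDER)):
        state = dict(zip(ORDER, bits))
        joint = 1.0
        for node in ORDER:
            p = local_prob(node, state)
            joint *= p if state[node] else 1.0 - p
        for node in ORDER:
            if state[node]:
                out[node] += joint
    return out

def max_prob_path(target):
    """Most likely single exploit chain to target (max product of edge probs)."""
    best = {n: (PRIOR.get(n, 0.0), [n]) for n in ORDER}
    for node in ORDER:         # dynamic programming over the DAG
        for parent, p_exploit in GRAPH[node].items():
            cand = best[parent][0] * p_exploit
            if cand > best[node][0]:
                best[node] = (cand, best[parent][1] + [node])
    return best[target]
```

Exhaustive enumeration is only practical for small graphs; the marginal for `db_srv` differs from what an independence approximation would give because its two parents are correlated through `web_srv`.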
