Chinese Journal of Network and Information Security ›› 2018, Vol. 4 ›› Issue (9): 1-16.doi: 10.11959/j.issn.2096-109x.2018072

• Comprehensive Review •     Next Articles

Survey of attack graph based network security metric

Hao HU1,2(),Yuling LIU3,Yuchen ZHANG1,2,Hongqi ZHANG1,2   

  1. 1 The Third Institute,Information Engineering University,Zhengzhou 450001,China
    2 Henan Key Laboratory of Information Security,Zhengzhou 450001,China
    3 Trusted Computing and Information Assurance Laboratory,Institute of Software,Chinese Academy of Sciences,Beijing 100190,China
  • Revised:2018-08-10 Online:2018-09-15 Published:2018-10-15
  • Supported by:
    The National High Technology Research and Development Program of China (863 Program)(2015AA016006);The National Key Research and Development Program of China(2016YFF0204002);The National Key Research and Development Program of China(2016YFF0204003);The Science and Technology Leading Talent Project of Zhengzhou(131PLJRC644);The Equipment Pre-research Foundation During the 13th Five-Year Plan Period(6140002020115);The CCF-Venus Hongyan Research Plan(2017003)


One of the main challenges of network security metrics is how to accurately identify the intrusion of the intruders exploiting the dependence between the vulnerabilities for threat propagation in the target network system as well as to quantify the potential impact on the network system.Because of its superior performance of visual display,the attack graph becomes one of the effective ways to solve the problem.Firstly,the concept,development and general metric models of security metrics were introduced.Secondly,the related researches with respect to attack graph construction,classification and application were discussed.Thirdly,a hierarchical framework for security metric using attack graph was proposed,and then existing methods of network security metric were summarized from three levels (key “point”,attack “line” and situation “plane”).Finally,the difficult issues and development trends for the current research were discussed.

Key words: network security metric, attack graph, security vulnerability, alert analysis, quantitative assessment

CLC Number: 

No Suggested Reading articles found!