Login | Register

Measuring network security using Bayesian Network-based attack graphs

Title:

Measuring network security using Bayesian Network-based attack graphs

Frigault, Marcel (2010) Measuring network security using Bayesian Network-based attack graphs. Masters thesis, Concordia University.

[img]
Preview
Text (application/pdf)
MR67114.pdf - Accepted Version
3MB

Abstract

Given the increasing dependence of our societies on networked information systems, the overall security of such systems should be measured and improved. Recent research has explored the application of attack graphs and probabilistic security metrics to address this challenge. However, such work usually shares several limitations. First, individual vulnerabilities' scores are usually assumed to be independent. This assumption will not hold in many realistic cases where exploiting a vulnerability may change the score of other vulnerabilities. Second, the evolving nature of vulnerabilities and networks has generally been ignored. The scores of individual vulnerabilities are constantly changing due to released patches and exploits, which should be taken into account in measuring network security. To address these limitations, this thesis first proposes a Bayesian Network-based attack graph model for combining scores of individual vulnerabilities into a global measurement of network security. The application of Bayesian Networks allows us to handle dependency between scores and provides a sound theoretical foundation to network security metrics. We then extend the model using Dynamic Bayesian Networks in order to reason about the patterns and trends in changing scores of vulnerabilities. Finally, we implement and evaluate the proposed models through simulation studies.

Divisions:Concordia University > Gina Cody School of Engineering and Computer Science > Concordia Institute for Information Systems Engineering
Item Type:Thesis (Masters)
Authors:Frigault, Marcel
Pagination:xi, 77 leaves : ill. ; 29 cm.
Institution:Concordia University
Degree Name:M.A. Sc.
Program:Institute for Information Systems Engineering
Date:2010
Thesis Supervisor(s):Wang, L
ID Code:979259
Deposited By: Concordia University Library
Deposited On:09 Dec 2014 17:56
Last Modified:18 Jan 2018 17:48
Related URLs:
All items in Spectrum are protected by copyright, with all rights reserved. The use of items is governed by Spectrum's terms of access.

Repository Staff Only: item control page

Downloads per month over past year

Research related to the current document (at the CORE website)
- Research related to the current document (at the CORE website)
Back to top Back to top