Skip to main content
SpringerLink
Log in

Network Risk Assessment Based on Attack Graphs

  • Conference paper
  • First Online:
Theory and Engineering of Dependable Computer Systems and Networks (DepCoS-RELCOMEX 2021)

Part of the book series: Advances in Intelligent Systems and Computing ((AISC,volume 1389))

Included in the following conference series:

  • 455 Accesses

Abstract

The paper discusses the problem of computer networks’ security evaluation. It focuses on attack graph based approach. The proposed method is based on MulVAL reasoning engine that identifies possible attack paths leading from an attacker to pointed assets of the assessed IT network. These paths create an attack graph used for attack probability calculation. The method takes advantage of information from vulnerability scanners and topology snapshot. A typical enterprise network has been examined and attack graph based security evaluation- presented. The case study probability calculations have been provided including possible remediation. Benefits and limitations of proposed method have been discussed.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 129.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 169.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Wang, L., Islam, T., Long, T., Singhal, A., Jajodia, S.: An attack graph-based probabilistic security metric. In: Data and Applications Security XXII. DBSec. LNCS, vol. 5094. LNCS, pp. 283–296. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-70567-3_22

  2. Homer, J., Zhang, S., Ou, X., Schmidt, D., Du, Y.: Aggregating vulnerability metrics in enterprise networks using attack graphs. J. Comput. Secur. 21(4), 561–597 (2013). https://doi.org/10.3233/JCS-130475

    Article  Google Scholar 

  3. Ou, X., Govindavajhala, S., Appel, A.W.: MulVAL: a logic-based network security analyzer. In: Proceedings of 14th Conference USENIX Security Symposium,vol. 14, p. 8 (2005)

    Google Scholar 

  4. Hermanowski, D., Piotrowski, R.: Proactive risk assessment based on attack graphs. An element of the risk management process on system, enterprise and national level. In: IEEE International Conference on Data Science and Systems DSS-2018, Exeter, Great Britain, https://doi.org/10.1109/HPCC/SmartCity/DSS.2018.00237

  5. Frank, M.S., Konrad, W.: Comparative Study and Roadmap DRA, Comparative study and roadmap for the development of the dynamic risk assessment function. Technical report 2012/SPW007956/03

    Google Scholar 

  6. ISO 31000 - Risk management. https://www.iso.org/iso-31000-risk-management.html. Accessed 15 Dec 2020

  7. North Atlantic Treaty Organization: Management Directive on CIS Security (2005). https://www.nbu.cz/download/pravni-predpisy---nato/AC_35-D_2005-REV3.pdf. Accessed 15 Dec 2020

  8. Common Vulnerability Enumeration. https://cve.mitre.org Accessed 15 Dec 2020

  9. Common Vulnerability Scoring System v3.0: Specification Document (2015). https://www.first.org/cvss/v3.0/specification-document. Accessed 15 Dec 2020

  10. Common Weakness Enumeration - About CWE (2020). https://cwe.mitre.org/. Accessed 15 Dec 2020

  11. Common Vulnerability Scoring System v3.0: User Guide. https://www.first.org/cvss/v3.0/cvss-v30-user_guide_v1.6.pdf. Accessed 15 Dec 2020.

  12. Huang, S., Green, T., Loo, B.: Datalog and Emerging applications: An Interactive Tutorial. http://www.cs.ucdavis.edu/~green/papers/sigmod906t-huang.pdf. Accessed 15 Dec 2020. https://doi.org/10.1145/1989323.1989456

  13. Strom, B.E., et al.: MITRE ATT&CK™: Design and Philosophy (2018). https://www.mitre.org/sites/default/files/publications/pr-18-0944-11-mitre-attack-design-and-philosophy.pdf. Accessed 15 Dec 2020

Download references

Author information

Authors and Affiliations

  1. Military Communication Institute, Street Warszawska 22A, 05-130, Zegrze, Poland

    Damian Hermanowski & Rafał Piotrowski

Authors
  1. Damian Hermanowski
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Rafał Piotrowski
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Rafał Piotrowski .

Editor information

Editors and Affiliations

  1. Wrocław University of Science and Technology, Wrocław, Poland

    Wojciech Zamojski

  2. Wrocław University of Science and Technology, Wrocław, Poland

    Jacek Mazurkiewicz

  3. Wrocław University of Science and Technology, Wrocław, Poland

    Jarosław Sugier

  4. Wrocław University of Science and Technology, Wrocław, Poland

    Tomasz Walkowiak

  5. Polish Academy of Sciences, Systems Research Institute, Warsaw, Poland

    Janusz Kacprzyk

Rights and permissions

Reprints and permissions

Copyright information

© 2021 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Hermanowski, D., Piotrowski, R. (2021). Network Risk Assessment Based on Attack Graphs. In: Zamojski, W., Mazurkiewicz, J., Sugier, J., Walkowiak, T., Kacprzyk, J. (eds) Theory and Engineering of Dependable Computer Systems and Networks. DepCoS-RELCOMEX 2021. Advances in Intelligent Systems and Computing, vol 1389. Springer, Cham. https://doi.org/10.1007/978-3-030-76773-0_16

Download citation

Publish with us

Policies and ethics

Search

Navigation