Network Security Metrics

  • Lingyu Wang
  • Sushil Jajodia
  • Anoop Singhal

Table of contents

  1. Front Matter
    Pages i-xiv
  2. Marcel Frigault, Lingyu Wang, Sushil Jajodia, Anoop Singhal
    Pages 1-23
  3. Pengsu Cheng, Lingyu Wang, Sushil Jajodia, Anoop Singhal
    Pages 25-52
  4. Lingyu Wang, Sushil Jajodia, Anoop Singhal, Pengsu Cheng, Steven Noel
    Pages 75-93
  5. Xiaoyan Sun, Jun Dai, Peng Liu, Anoop Singhal, John Yen
    Pages 95-115
  6. Mengyuan Zhang, Lingyu Wang, Sushil Jajodia, Anoop Singhal
    Pages 117-140
  7. Steven Noel, Sushil Jajodia
    Pages 141-176
  8. Rajesh Ganesan, Ankit Shah, Sushil Jajodia, Hasan Cam
    Pages 177-207

About this book


This book examines different aspects of network security metrics and their application to enterprise networks. One of the most pertinent issues in securing mission-critical computing networks is the lack of effective security metrics which this book discusses in detail. Since “you cannot improve what you cannot measure”, a network security metric is essential to evaluating the relative effectiveness of potential network security solutions.

The authors start by examining the limitations of existing solutions and standards on security metrics, such as CVSS and attack surface, which typically focus on known vulnerabilities in individual software products or systems. The first few chapters of this book describe different approaches to fusing individual metric values obtained from CVSS scores into an overall measure of network security using attack graphs. Since CVSS scores are only available for previously known vulnerabilities, such approaches do not consider the threat of unknown attacks exploiting the so-called zero day vulnerabilities. Therefore, several chapters of this book are dedicated to develop network security metrics especially designed for dealing with zero day attacks where the challenge is that little or no prior knowledge is available about the exploited vulnerabilities, and thus most existing methodologies for designing security metrics are no longer effective.

Finally, the authors examine several issues on the application of network security metrics at the enterprise level. Specifically, a chapter presents a suite of security metrics organized along several dimensions for measuring and visualizing different aspects of the enterprise cyber security risk, and the last chapter presents a novel metric for measuring the operational effectiveness of the cyber security operations center (CSOC).

Security researchers who work on network security or security analytics related areas seeking new research topics, as well as security practitioners including network administrators and security architects who are looking for state of the art approaches to hardening their networks, will find this book helpful as a reference. Advanced-level students studying computer science and engineering will find this book useful as a secondary text.


Network security Security metrics Risk analysis Threat modeling Zero Day Attack Attack Graph CVSS Attack Tree Network Diversity Security Analytics

Authors and affiliations

  • Lingyu Wang
    • 1
  • Sushil Jajodia
    • 2
  • Anoop Singhal
    • 3
  1. 1.Concordia Institute for Information Systems EngineeringConcordia UniversityMontrealCanada
  2. 2.Center for Secure Information SystemsGeorge Mason UniversityFairfaxUSA
  3. 3.Computer Security DivisionNISTGaithersburgUSA

Bibliographic information