Measuring the Overall Security of Network Configurations Using Attack Graphs

  • Lingyu Wang
  • Anoop Singhal
  • Sushil Jajodia
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4602)


Today’s computer systems face sophisticated intrusions during which multiple vulnerabilities can be combined for reaching an attack goal. The overall security of a network system cannot simply be determined based on the number of vulnerabilities. To quantitatively assess the security of networked systems, one must first understand which and how vulnerabilities can be combined for an attack. Such an understanding becomes possible with recent advances in modeling the composition of vulnerabilities as attack graphs. Based on our experiences with attack graph analysis, we explore different concepts and issues on a metric to quantify potential attacks. To accomplish this, we present an attack resistance metric for assessing and comparing the security of different network configurations. This paper describes the metric at an abstract level as two composition operators with features for expressing additional constraints. We consider two concrete cases. The first case assumes the domain of attack resistance to be real number and the second case represents resistances as a set of initial security conditions. We show that the proposed metric satisfies desired properties and that it adheres to common sense. At the same time, it generalizes a previously proposed metric that is also based on attack graphs. It is our belief that the proposed metric will lead to novel quantitative approaches to vulnerability analysis, network hardening, and attack responses.


Model Check Network Security Individual Resistance Attack Response Network Hardening 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Ammann, P., Wijesekera, D., Kaushik, S.: Scalable, graph-based network vulnerability analysis. In: Proceedings of the 9th ACM Conference on Computer and Communications Security (CCS 2002), pp. 217–224. ACM Press, New York (2002)CrossRefGoogle Scholar
  2. 2.
    Applied Computer Security Associates. In: Workshop on Information Security System Scoring and Ranking (2001)Google Scholar
  3. 3.
    Balzarotti, D., Monga, M., Sicari, S.: Assessing the risk of using vulnerable components. In: Proceedings of the 1st Workshop on Quality of Protection (2005)Google Scholar
  4. 4.
    Balzarotti, P., Monga, M., Sicari, S.: Assessing the risk of using vulnerable components. In: Proceedings of the 2nd ACM workshop on Quality of protection, ACM Press, New York (2005)Google Scholar
  5. 5.
    Beth, T., Borcherding, M., Klein, B.: Valuation of trust in open networks. In: Gollmann, D. (ed.) Computer Security - ESORICS 94. LNCS, vol. 875, pp. 3–18. Springer, Heidelberg (1994)Google Scholar
  6. 6.
    Chapin, P., Skalka, C., Wang, X.S.: Risk assessment in distributed authorization. In: 3rd ACM Workshop on Formal Methods in Security Engineering: From Specifications to Code, ACM Press, New York (2005)Google Scholar
  7. 7.
    Dacier, M.: Towards quantitative evaluation of computer security. Ph.D. Thesis, Institut National Polytechnique de Toulouse (1994)Google Scholar
  8. 8.
    Dacier, M., Deswarte, Y., Kaaniche, M.: Quantitative assessment of operational security: Models and tools. Technical Report 96493 (1996)Google Scholar
  9. 9.
    Farmer, D., Spafford, E.H.: The COPS security checker system. In: USENIX Summer, pp. 165–170 (1990)Google Scholar
  10. 10.
    Hoo, K.S.: Metrics of network security. White Paper (2004)Google Scholar
  11. 11.
    Howard, M., Pincus, J., Wing, J.: Measuring relative attack surfaces. In: Workshop on Advanced Developments in Software and Systems Security (2003)Google Scholar
  12. 12.
    Jajodia, S., Noel, S., O’Berry, B.: Topological analysis of network attack vulnerability. In: Kumar, V., Srivastava, J., Lazarevic, A. (eds.) Managing Cyber Threats: Issues, Approaches and Challenges, Kluwer Academic Publishers, Dordrecht (2003)Google Scholar
  13. 13.
    Manadhata, K., Wing, J.M., Flynn, M.A., McQueen, M.A.: Measuring the attack surfaces of two ftp daemons. In: Quality of Protection Workshop (2006)Google Scholar
  14. 14.
    Mehta, V., Bartzis, C., Zhu, H., Clarke, E.M., Wing, J.M.: Ranking attack graphs. In: Recent Advances in Intrusion Detection (2006)Google Scholar
  15. 15.
    Noel, S., Jajodia, S.: Correlating intrusion events and building attack scenarios through attack graph distance. In: Yew, P.-C., Xue, J. (eds.) ACSAC 2004. LNCS, vol. 3189, Springer, Heidelberg (2004)Google Scholar
  16. 16.
    Noel, S., Jajodia, S., O’Berry, B., Jacobs, M.: Efficient minimum-cost network hardening via exploit dependency grpahs. In: Omondi, A.R., Sedukhin, S. (eds.) ACSAC 2003. LNCS, vol. 2823, Springer, Heidelberg (2003)Google Scholar
  17. 17.
    National Institute of Standards and Technology (Computer Security Division) (2007),
  18. 18.
    National Institute of Standards and Technology. Technology assessment: Methods for measuring the level of computer security. NIST Special Publication, pp. 500-133 (1985)Google Scholar
  19. 19.
    Ortalo, R., Deswarte, Y., Kaaniche, M.: Experimenting with quantitative evaluation tools for monitoring operational security. IEEE Trans. Software Eng. 25(5), 633–650 (1999)CrossRefGoogle Scholar
  20. 20.
    Wing, J., Manadhata, P.: Measuring a system’s attack surface. Technical Report CMU-CS-04-102 (2004)Google Scholar
  21. 21.
    Pamula, J., Jajodia, S., Ammann, P., Swarup, V.: A weakest-adversary security metric for network configuration security analysis. In: Proceedings of the 2nd ACM workshop on Quality of protection, pp. 31–38. ACM Press, New York (2006)CrossRefGoogle Scholar
  22. 22.
    Phillips, C., Swiler, L.: A graph-based system for network-vulnerability analysis. In: Proceedings of the New Security Paradigms Workshop (NSPW 1998) (1998)Google Scholar
  23. 23.
    Ramakrishnan, C.R., Sekar, R.: Model-based analysis of configuration vulnerabilities. Journal of Computer Security 10(1/2), 189–209 (2002)CrossRefGoogle Scholar
  24. 24.
    Reiter, M.K., Stubblebine, S.G.: Authentication metric analysis and design. ACM Transactions on Information and System Security 2(2), 138–158, 5 (1999)CrossRefGoogle Scholar
  25. 25.
    Ritchey, R., Ammann, P.: Using model checking to analyze network vulnerabilities. In: Proceedings of the 2000 IEEE Symposium on Research on Security and Privacy (S&P 2000), pp. 156–165. IEEE Computer Society Press, Los Alamitos (2000)CrossRefGoogle Scholar
  26. 26.
    Sheyner, O., Haines, J., Jha, S., Lippmann, R., Wing, J.M.: Automated generation and analysis of attack graphs. In: Proceedings of the 2002 IEEE Symposium on Security and Privacy (S&P 2002), pp. 273–284. IEEE Computer Society Press, Los Alamitos (2002)CrossRefGoogle Scholar
  27. 27.
    Swanson, M., Bartol, N., Sabato, J., Hash, J., Graffo, L.: Security metrics guide for information technology systems. NIST Special Publication, pp. 800-855 (2003)Google Scholar
  28. 28.
    Swiler, L., Phillips, C., Ellis, D., Chakerian, S.: Computer attack graph generation tool. In: Proceedings of the DARPA Information Survivability Conference & Exposition II (DISCEX 2001) (2001)Google Scholar
  29. 29.
    Wang, L., Liu, A., Jajodia, S.: An efficient and unified approach to correlating, hypothesizing, and predicting intrusion alerts. In: di Vimercati, S.d.C., Syverson, P.F., Gollmann, D. (eds.) ESORICS 2005. LNCS, vol. 3679, pp. 247–266. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  30. 30.
    Wang, L., Liu, A., Jajodia, S.: Using attack graphs for correlating, hypothesizing, and predicting intrusion alerts. Computer Communications 29(15), 2917–2933 (2006)CrossRefGoogle Scholar
  31. 31.
    Wang, L., Noel, S., Jajodia, S.: Minimum-cost network hardening using attack graphs. Computer Communications 29(18), 3812–3824, 11 (2006)CrossRefGoogle Scholar
  32. 32.
    Wang, L., Yao, C., Singhal, A., Jajodia, S.: Interactive analysis of attack graphs using relational queries. In: Proceedings of 20th IFIP WG 11.3 Working Conference on Data and Applications Security (DBSec 2006), pp. 119–132 (2006)Google Scholar
  33. 33.
    Zerkle, D., Levitt, K.: Netkuang - a multi-host configuration vulnerability checker. In: Proceedings of the 6th USENIX Unix Security Symposium (USENIX 1996) (1996)Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2007

Authors and Affiliations

  • Lingyu Wang
    • 1
  • Anoop Singhal
    • 2
  • Sushil Jajodia
    • 3
  1. 1.Concordia Institute for Information Systems Engineering, Concordia University, Montreal, QC H3G 1M8Canada
  2. 2.Computer Security Division, NIST, Gaithersburg, MD 20899USA
  3. 3.Center for Secure Information Systems, George Mason University, Fairfax, VA 22030-4444USA

Personalised recommendations