Extending Attack Graph-Based Metrics for Enterprise Network Security Management

Conference paper
Part of the Smart Innovation, Systems and Technologies book series (SIST, volume 44)


Measurement of enterprise network security is a long-standing challenge for the research community, yet practical security metrics are vital for securing enterprise networks. With the constant change in the size and complexity of enterprise networks, and of their application portfolios as well, the network attack surface keeps changing, and monitoring security performance is therefore an increasingly difficult and challenging problem. Existing attack graph-based security metrics are inefficient in capturing change in the network attack surface. In this paper, we have explored the possible use of graph-based distance metrics for capturing the change in the security level of dynamically evolving enterprise networks. We used classical graph similarity measures such as Maximum Common Subgraph (MCS) and Graph Edit Distance (GED) as indicators of change in enterprise network security. Our experimental results show that graph similarity measures are efficient and capable of capturing the changing network attack surface in dynamic (i.e. time-varying) enterprise networks.


Keywords: Graph similarity measures; Attack surface; Attack graph; Network security and protection; Security metric
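As an added illustration (not code from the paper), the sketch below computes an MCS-based distance and a graph edit distance between two attack-graph snapshots, the kind of comparison the abstract describes. It assumes uniquely labelled nodes, so the common subgraph reduces to set intersection, and it counts graph size as nodes plus edges; the node names and both snapshots are constructed.

```python
# Added example: MCS distance and graph edit distance between two snapshots.
# Assumption: node labels are unique, so the maximum common subgraph is just
# the shared nodes plus the shared edges (no isomorphism search needed).

def graph(edges):
    """Build (nodes, edges) from directed edges (precondition -> postcondition)."""
    edges = set(edges)
    return {n for e in edges for n in e}, edges

def size(g):
    """Graph size |G| = |V| + |E| (assumed convention)."""
    return len(g[0]) + len(g[1])

def mcs(g1, g2):
    """Maximum common subgraph under unique labels: set intersection."""
    return g1[0] & g2[0], g1[1] & g2[1]

def mcs_distance(g1, g2):
    """1 - |mcs| / max(|G1|, |G2|); 0 = identical, 1 = nothing shared."""
    largest = max(size(g1), size(g2))
    return 0.0 if largest == 0 else 1 - size(mcs(g1, g2)) / largest

def ged(g1, g2):
    """Unit-cost edit distance: node/edge insertions plus deletions."""
    return size(g1) + size(g2) - 2 * size(mcs(g1, g2))

def delta(g1, g2):
    """What actually changed, for the analyst reviewing a spike."""
    return {
        "added_nodes": sorted(g2[0] - g1[0]),
        "removed_nodes": sorted(g1[0] - g2[0]),
        "added_edges": sorted(g2[1] - g1[1]),
        "removed_edges": sorted(g1[1] - g2[1]),
    }

# Constructed snapshots; nodes are privilege states such as "web.user".
T0 = graph([("attacker", "web.user"), ("web.user", "web.root"),
            ("web.user", "db.user")])
# T1: the web.root escalation is patched, a new file server becomes reachable.
T1 = graph([("attacker", "web.user"), ("web.user", "db.user"),
            ("attacker", "file.user"), ("file.user", "db.user")])

if __name__ == "__main__":
    print("MCS distance:", mcs_distance(T0, T1))
    print("GED:", ged(T0, T1))
    for kind, items in delta(T0, T1).items():
        print(kind, items)
```

Both measures register the change even though the node count is the same in the two snapshots, which a plain size-based metric would miss.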



Copyright information

© Springer India 2016

Authors and Affiliations

  1. Center for Information Assurance & Management (CIAM), Institute for Development and Research in Banking Technology (IDRBT), Hyderabad, India
  2. School of Computer and Information Sciences (SCIS), University of Hyderabad, Hyderabad, India
