A systematic evaluation of cybersecurity metrics for dynamic networks

Simon Yusuf Enoch, Mengmeng Ge, Jin B. Hong, Hani Alzaid, Dong Seong Kim

Research output: Contribution to journal › Article

Abstract

It is difficult to assess the security of modern networks because they are usually dynamic with configuration changes (such as changes in topology, firewall rules, etc). Graphical security models (e.g., Attack Graphs and Attack Trees) are widely used to systematically analyse the security posture of network systems using security metrics. However, there are problems using them to assess the security of dynamic networks. First, most models are unable to capture dynamic changes occurring in the networks over time. Second, the existing security metrics are not designed for the analysis of dynamic networks and hence their effectiveness to the dynamic changes in the network still remains unclear. In this paper, we systematically categorise network changes into two categories (i.e., changes in hosts and changes in edges). We conduct a comprehensive analysis to evaluate the effectiveness of security metrics using a Temporal Hierarchical Attack Representation Model, which can capture and analyse the changes in the security of network systems. Further, we investigate the varying effects of security metrics when changes are observed in the dynamic networks. Our simulation results show that different security metrics (except the shortest attack path) have varying security posture changes with respect to changes in the network (when we introduce time to them). However, none of the security metrics consistently changes for all the network changes that we observe in our scenarios. Hence, the results provide some insights into what security metrics can change (accordingly) when a particular network change is observed. It also provides a foundation for further research in this area.

Original language: English
Pages (from-to): 216-229
Number of pages: 14
Journal: Computer Networks
Volume: 144
DOI: 10.1016/j.comnet.2018.07.028
Publication status: Published - 24 Oct 2018

Fingerprint

Security systems
Topology

Cite this

Enoch, Simon Yusuf ; Ge, Mengmeng ; Hong, Jin B. ; Alzaid, Hani ; Kim, Dong Seong. / A systematic evaluation of cybersecurity metrics for dynamic networks. In: Computer Networks. 2018 ; Vol. 144. pp. 216-229.
@article{1baef65680b84fd19bf1e38988c0a76c,
title = "A systematic evaluation of cybersecurity metrics for dynamic networks",
abstract = "It is difficult to assess the security of modern networks because they are usually dynamic with configuration changes (such as changes in topology, firewall rules, etc). Graphical security models (e.g., Attack Graphs and Attack Trees) are widely used to systematically analyse the security posture of network systems using security metrics. However, there are problems using them to assess the security of dynamic networks. First, most models are unable to capture dynamic changes occurring in the networks over time. Second, the existing security metrics are not designed for the analysis of dynamic networks and hence their effectiveness to the dynamic changes in the network still remains unclear. In this paper, we systematically categorise network changes into two categories (i.e., changes in hosts and changes in edges). We conduct a comprehensive analysis to evaluate the effectiveness of security metrics using a Temporal Hierarchical Attack Representation Model, which can capture and analyse the changes in the security of network systems. Further, we investigate the varying effects of security metrics when changes are observed in the dynamic networks. Our simulation results show that different security metrics (except the shortest attack path) have varying security posture changes with respect to changes in the network (when we introduce time to them). However, none of the security metrics consistently changes for all the network changes that we observe in our scenarios. Hence, the results provide some insights into what security metrics can change (accordingly) when a particular network change is observed. It also provides a foundation for further research in this area.",
keywords = "Attack graphs, Attack trees, Dynamic networks, Metrics, Security assessment, Security models",
author = "Enoch, {Simon Yusuf} and Mengmeng Ge and Hong, {Jin B.} and Hani Alzaid and Kim, {Dong Seong}",
year = "2018",
month = "10",
day = "24",
doi = "10.1016/j.comnet.2018.07.028",
language = "English",
volume = "144",
pages = "216--229",
journal = "Computer Networks",
issn = "0169-7552",
publisher = "Elsevier",
}

A systematic evaluation of cybersecurity metrics for dynamic networks. / Enoch, Simon Yusuf; Ge, Mengmeng; Hong, Jin B.; Alzaid, Hani; Kim, Dong Seong.

In: Computer Networks, Vol. 144, 24.10.2018, p. 216-229.

TY - JOUR

T1 - A systematic evaluation of cybersecurity metrics for dynamic networks

AU - Enoch, Simon Yusuf

AU - Ge, Mengmeng

AU - Hong, Jin B.

AU - Alzaid, Hani

AU - Kim, Dong Seong

PY - 2018/10/24

Y1 - 2018/10/24

N2 - It is difficult to assess the security of modern networks because they are usually dynamic with configuration changes (such as changes in topology, firewall rules, etc). Graphical security models (e.g., Attack Graphs and Attack Trees) are widely used to systematically analyse the security posture of network systems using security metrics. However, there are problems using them to assess the security of dynamic networks. First, most models are unable to capture dynamic changes occurring in the networks over time. Second, the existing security metrics are not designed for the analysis of dynamic networks and hence their effectiveness to the dynamic changes in the network still remains unclear. In this paper, we systematically categorise network changes into two categories (i.e., changes in hosts and changes in edges). We conduct a comprehensive analysis to evaluate the effectiveness of security metrics using a Temporal Hierarchical Attack Representation Model, which can capture and analyse the changes in the security of network systems. Further, we investigate the varying effects of security metrics when changes are observed in the dynamic networks. Our simulation results show that different security metrics (except the shortest attack path) have varying security posture changes with respect to changes in the network (when we introduce time to them). However, none of the security metrics consistently changes for all the network changes that we observe in our scenarios. Hence, the results provide some insights into what security metrics can change (accordingly) when a particular network change is observed. It also provides a foundation for further research in this area.

AB - It is difficult to assess the security of modern networks because they are usually dynamic with configuration changes (such as changes in topology, firewall rules, etc). Graphical security models (e.g., Attack Graphs and Attack Trees) are widely used to systematically analyse the security posture of network systems using security metrics. However, there are problems using them to assess the security of dynamic networks. First, most models are unable to capture dynamic changes occurring in the networks over time. Second, the existing security metrics are not designed for the analysis of dynamic networks and hence their effectiveness to the dynamic changes in the network still remains unclear. In this paper, we systematically categorise network changes into two categories (i.e., changes in hosts and changes in edges). We conduct a comprehensive analysis to evaluate the effectiveness of security metrics using a Temporal Hierarchical Attack Representation Model, which can capture and analyse the changes in the security of network systems. Further, we investigate the varying effects of security metrics when changes are observed in the dynamic networks. Our simulation results show that different security metrics (except the shortest attack path) have varying security posture changes with respect to changes in the network (when we introduce time to them). However, none of the security metrics consistently changes for all the network changes that we observe in our scenarios. Hence, the results provide some insights into what security metrics can change (accordingly) when a particular network change is observed. It also provides a foundation for further research in this area.

KW - Attack graphs

KW - Attack trees

KW - Dynamic networks

KW - Metrics

KW - Security assessment

KW - Security models

UR - http://www.scopus.com/inward/record.url?scp=85051639397&partnerID=8YFLogxK

U2 - 10.1016/j.comnet.2018.07.028

DO - 10.1016/j.comnet.2018.07.028

M3 - Article

VL - 144

SP - 216

EP - 229

JO - Computer Networks

JF - Computer Networks

SN - 0169-7552

ER -