Composite Metrics for Network Security Analysis

Simon Enoch Yusuf, Jin Bum Hong, Mengmeng Ge, Dong Seong Kim

Research output: Contribution to journal, Article

Abstract

Security metrics present the security level of a system or a network in both
qualitative and quantitative ways. In general, security metrics are used to
assess the security level of a system and to achieve security goals. There
are many security metrics for security analysis, but there is no systematic
classification of security metrics that is based on network reachability
information. To address this, we propose a systematic classification of existing
security metrics based on network reachability information. Mainly, we
classify the security metrics into host-based and network-based metrics.
The host-based metrics are classified into metrics “without probability” and
“with probability”, while the network-based metrics are classified into
“path-based” and “non-path-based”. Finally, we present and describe an approach
to develop composite security metrics and their calculations using a Hierarchical
Attack Representation Model (HARM) via an example network. Our novel
classification of security metrics provides a new methodology to assess the
security of a system.
Original language: English
Pages (from-to): 59-82
Journal: Convergence Security
Volume: 2017
Issue number: 1
Publication status: Published - 25 Feb 2017
Externally published: Yes
