Evaluating the effectiveness of security metrics for dynamic networks

Simon Enoch Yusuf, Mengmeng Ge, Jin B. Hong, Hani Alzaid, Dong Seong Kim

Research output: Chapter in Book/Conference paperConference paperpeer-review

10 Citations (Scopus)

Abstract

It is difficult to assess the security of modern enterprise networks because they are usually dynamic with configuration changes (such as changes in topology, firewall rules, etc). Graphical security models (e.g., Attack Graphs and Attack Trees) and security metrics (e.g., attack cost, shortest attack path) are widely used to systematically analyse the security posture of network systems. However, there are problems using them to assess the security of dynamic networks. First, the existing graphical security models are unable to capture dynamic changes occurring in the networks over time. Second, the existing security metrics are not designed for dynamic networks such that their effectiveness to the dynamic changes in the network is still unknown. In this paper, we conduct a comprehensive analysis via simulations to evaluate the effectiveness of security metrics using a Temporal Hierarchical Attack Representation Model. Further, we investigate the varying effects of security metrics when changes are observed in the dynamic networks. Our experimental analysis shows that different security metrics have varying security posture changes with respect to changes in the network.

Original languageEnglish
Title of host publicationProceedings - 16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 11th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Conference on Embedded Software and Systems, Trustcom/BigDataSE/ICESS 2017
Place of PublicationUSA
PublisherIEEE, Institute of Electrical and Electronics Engineers
Pages277-284
Number of pages8
ISBN (Electronic)9781509049059
DOIs
Publication statusPublished - 7 Sep 2017
Externally publishedYes
Event16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 11th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Conference on Embedded Software and Systems, Trustcom/BigDataSE/ICESS 2017 - Sydney, Australia
Duration: 1 Aug 20174 Aug 2017

Conference

Conference16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 11th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Conference on Embedded Software and Systems, Trustcom/BigDataSE/ICESS 2017
Country/TerritoryAustralia
CitySydney
Period1/08/174/08/17

Fingerprint

Dive into the research topics of 'Evaluating the effectiveness of security metrics for dynamic networks'. Together they form a unique fingerprint.

Cite this