Abstract
With the increase in using computer networking, the security risk has also increased. To protect the network from attacks, attack graph has been used to analyze the vulnerabilies of the network. However, properly securing networks requires quantifying the level of security offered by these actions, as you cannot enhance what you cannot measure. Security metrics provide a qualitative and quantitative representation of a system's or network's security level. However, using existing security metrics can lead to misleading results. This work proposed three metrics, which is the Number of Vulnerabilities (NV), Mean Vulnerabilities on Path (MVoP), and the Weakest Path (WP). The experiment of this work used two networks to test the metrics. The results show the effect of these metrics on finding the weaknesses of the network that the attacker may use.
Highlights
Nowadays, the use of network technology has increased [1], [2]
The Common Vulnerabilities and Exposures (CVE) and National Vulnerability Database (NVD) lists were employed, which were provided by National Institute of Standards and Technology (NIST) to load the vulnerabilities to the attack graph
Three metrics had been proposed, which is Number of Vulnerabilities (NV), Mean Vulnerabilities on Path (MVoP), Weakest Path (WP) metrics. These three metrics depend on vulnerabilities as a major factor to measure the security of the network
Summary
The use of network technology has increased [1], [2]. since the network is advantageous for people to live and work in, it carries security problems that must not be overlooked [2]. Attack graphs are used by researchers to improve the network's security One of these applications is the computation of network security metrics. Attack graphs may be employed to generate network security metrics to analyze the target network's overall security. In[14], the authors divided the attack graph-based security metrics into two types, which are host and network-based metrics. The network-based uses the structure of a network to aggregate the network's security property This type of metrics is classified into two categories, which is path and non-path metrics. Using these metrics sometimes gives misleading results, failing to sufficiently account for the number of ways an attacker violates a security policy.
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callMore From: International Journal of Advanced Computer Science and Applications
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
