Open Access
Exploring risk flow attack graph for security risk assessment
Author(s) - Dai Fangfang, Hu Ying, Zheng Kangfeng, Wu Bin
Publication year - 2015
Publication title - IET Information Security
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.308
H-Index - 34
eISSN - 1751-8717
pISSN - 1751-8709
DOI - 10.1049/iet-ifs.2014.0272
Subject(s) - computer science, risk assessment, flow network, network security, graph, data mining, risk analysis (engineering), computer security, theoretical computer science, mathematical optimization, mathematics, medicine
Researchers have previously looked into the problem of determining the connection between invasive events and network risk, and attack graph (AG) was proposed to seek countermeasures. However, AG has proved to have various limitations in practical applications. To overcome such defects, this study presents a risk flow attack graph (RFAG)‐based risk assessment approach. In particular, this approach applies a RFAG to represent network and attack scenarios, which are then fed to a network flow model for computing risk flow. A bi‐objective sorting algorithm is employed to automatically infer the priority of risk paths and assist risk assessment, and a fuzzy comprehensive evaluation is performed to determine risk severity. Via the aforementioned processes, the authors simplify AG and follow the risk path of originating, transferring, redistributing and converging to assess security risk. The authors use a synthetic network scenario to illustrate this approach and evaluate its performance through a set of simulations. Experiments show that the approach is capable of effectively identifying network security situations and assessing critical risk.
