Empirical risk assessment of attack graphs using time to compromise framework Online publication date: Mon, 06-Sep-2021
by Urvashi Garg; Geeta Sikka; Lalit K. Awasthi
International Journal of Information and Computer Security (IJICS), Vol. 16, No. 1/2, 2021
Abstract: The proliferated complexity of network size together with the expeditious development of software system applications and their large number of vulnerabilities, security hardening is becoming a challenge for security specialists. Operating systems and applications need to be updated on time to ensure the security of the system, but it is neither feasible nor possible to remove every single vulnerability on a system. In this research work, time-based analysis strategy has been proposed to prioritise the machines in terms of their risk factor so as to handle riskier one first. In this regard, a real-time network has been analysed and observed for vulnerabilities present on various systems/machines/hosts in the network and attack graph is generated. Further, the proposed technique was applied on attack nodes (hosts) to find the approximate time to exploit the systems which can be further used to prioritise hosts and attack paths according to their risk of being exploited. Additionally, the proposed methodology can be advantageous in a finding minimal set of machines that needs attention to ensure complete network security. To the best of authors' knowledge, this is the first time that attack paths have been analysed and prioritised using the time to compromise scheme.
Existing subscribers:
Go to Inderscience Online Journals to access the Full Text of this article.
If you are not a subscriber and you just want to read the full contents of this article, buy online access here.Complimentary Subscribers, Editors or Members of the Editorial Board of the International Journal of Information and Computer Security (IJICS):
Login with your Inderscience username and password:
Want to subscribe?
A subscription gives you complete access to all articles in the current issue, as well as to all articles in the previous three years (where applicable). See our Orders page to subscribe.
If you still need assistance, please email subs@inderscience.com
Our Blog 
Follow us on Twitter 
Visit us on Facebook