Attack Graph Based Evaluation of Network Security

Abstract. The perspective directions in evaluating network security are simu-lating possible malefactor’s actions, building the representation of these actions as attack graphs (trees, nets), the subsequent checking of various properties of these graphs, and determining security metrics which can explain possible ways to increase security level. The paper suggests a new approach to security evaluation based on comprehensive simulation of malefactor’s actions, con-struction of attack graphs and computation of different security metrics. The approach is intended for using both at design and exploitation stages of com-puter networks. The implemented software system is described, and the exam-ples of experiments for analysis of network security level are considered