This document discusses extending and aggregating attack graph-based security metrics to more accurately assess network security. It proposes a new suite of complimentary metrics to overcome the shortcomings of existing metrics like shortest path, number of paths, and mean path length. Specifically, it suggests an algorithm to combine these metrics to better determine which of two attack graphs corresponds to the most secure network configuration in many cases.

1. Impulse Technologies
Beacons U to World of technology
044-42133143, 98401 03301,9841091117 ieeeprojects@yahoo.com www.impulse.net.in
Extending Attack Graph-Based Security Metrics & Aggregating
Their App.
Abstract—
The attack graph is an abstraction that reveals the ways an attacker can
leverage vulnerabilities in a network to violate a security policy. When used with
attack graph-based security metrics, the attack graph may be used to quantitatively
assess security-relevant aspects of a network. The Shortest Path metric, the
Number of Paths metric, and the Mean of Path Lengths metric are three attack
graph-based security metrics that can extract security-relevant information.
However, one's usage of these metrics can lead to misleading results. The Shortest
Path metric and the Mean of Path Lengths metric fail to adequately account for the
number of ways an attacker may violate a security policy. The Number of Paths
metric fails to adequately account for the attack effort associated with the attack
paths. To overcome these shortcomings, we propose a complimentary suite of
attack graph-based security metrics and specify an algorithm for combining the
usage of these metrics. We present simulated results that suggest that our approach
reaches a conclusion about which of two attack graphs correspond to a network
that is most secure in many instances.
Your Own Ideas or Any project from any company can be Implemented
at Better price (All Projects can be done in Java or DotNet whichever the student wants)
1