Security Risk Analysis of Enterprise Networks Using Probabilistic Attack Graphs

  • Anoop Singhal
  • Xinming Ou


Today’s information systems face sophisticated attackers who combine multiple vulnerabilities to penetrate networks with devastating impact. The overall security of an enterprise network cannot be determined simply by counting vulnerabilities. To assess the security of enterprise systems more accurately, one must understand how vulnerabilities can be combined and exploited to stage an attack. The composition of vulnerabilities can be modeled using probabilistic attack graphs, which show all attack paths that allow incremental network penetration. Attack likelihoods are propagated through the attack graph, yielding a novel way to measure the security risk of enterprise systems. This metric is then used in risk mitigation analysis to maximize the security of enterprise systems. The methodology, based on probabilistic attack graphs, can be used to evaluate and strengthen the overall security of enterprise networks.
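The abstract describes propagating attack likelihoods through the graph and then using the resulting metric for risk mitigation analysis. The following is an added worked example, not code from the chapter or its authors. The graph, the exploit names and the success probabilities are constructed; the propagation rules it assumes are the usual ones for AND/OR attack graphs rather than anything the abstract specifies: an exploit needs all of its preconditions (product of their probabilities), a condition is reached if any exploit yielding it succeeds (noisy-OR), exploits are treated as independent, and the graph is assumed acyclic.

```python
"""Propagate attack likelihoods through a small AND/OR attack graph.

Constructed example (not the chapter's code).  Labelled assumptions:
  * each exploit has a stand-alone success probability p, e.g. a CVSS
    exploitability sub-score scaled to [0, 1];
  * exploits are independent, so AND nodes multiply and OR nodes combine
    with noisy-OR;
  * the graph is acyclic; a cyclic graph needs a fixed-point method and
    is rejected here with graphlib.CycleError.
"""
from graphlib import TopologicalSorter
from math import prod

# Constructed sample graph.  exploit name -> (preconditions, postcondition, p)
# Conditions are privileges or reachability the attacker may obtain.
EXPLOITS = {
    "e1_web_rce":       ({"attacker_on_internet"}, "user_on_web", 0.8),
    "e2_web_priv_esc":  ({"user_on_web"},          "root_on_web", 0.6),
    "e3_db_from_web":   ({"root_on_web"},          "root_on_db",  0.7),
    "e4_db_from_inet":  ({"attacker_on_internet"}, "root_on_db",  0.2),
    "e5_db_weak_creds": ({"user_on_web"},          "root_on_db",  0.3),
}
INITIAL = {"attacker_on_internet"}   # conditions the attacker starts with (P = 1)


def propagate(exploits, initial):
    """Return P(node) for every condition and exploit node in the graph.

    Exploit e with preconditions C requires all of them (AND node):
        P(e) = p_e * prod(P(c) for c in C)
    Condition c is reached if any exploit yielding it succeeds (OR node):
        P(c) = 1 - prod(1 - P(e) for e yielding c)
    A condition with no producing exploit and not in `initial` gets P = 0.
    """
    deps = {}        # node -> set of predecessor nodes (for topological order)
    producers = {}   # condition -> list of exploits that yield it
    for name, (pre, post, _) in exploits.items():
        deps[name] = set(pre)
        deps.setdefault(post, set()).add(name)
        for cond in pre:
            deps.setdefault(cond, set())
        producers.setdefault(post, []).append(name)

    prob = {}
    # static_order() yields predecessors before successors and raises
    # graphlib.CycleError if the graph is not a DAG.
    for node in TopologicalSorter(deps).static_order():
        if node in exploits:
            pre, _, p = exploits[node]
            prob[node] = p * prod(prob[c] for c in pre)
        elif node in initial:
            prob[node] = 1.0
        else:
            prob[node] = 1.0 - prod(1.0 - prob[e] for e in producers.get(node, []))
    return prob


def best_single_fix(exploits, initial, goal):
    """Rank exploits by how much removing each one (patching it) lowers P(goal).

    Returns (exploit, residual P(goal)) pairs sorted ascending by residual,
    so the first entry is the single patch that reduces risk to `goal` most.
    """
    ranking = []
    for name in exploits:
        remaining = {k: v for k, v in exploits.items() if k != name}
        ranking.append((name, propagate(remaining, initial).get(goal, 0.0)))
    return sorted(ranking, key=lambda pair: pair[1])


if __name__ == "__main__":
    probs = propagate(EXPLOITS, INITIAL)
    print(f"P(root_on_db) = {probs['root_on_db']:.4f}")
    for name, residual in best_single_fix(EXPLOITS, INITIAL, "root_on_db"):
        print(f"patch {name:18s} -> P(root_on_db) = {residual:.4f}")
```

Removing one exploit at a time and re-propagating is the simplest form of the mitigation analysis the abstract refers to: the patch whose removal leaves the lowest residual probability at the goal condition is the one to apply first. On the constructed graph that is the internet-facing web server exploit, because two of the three paths to the database server pass through it, whereas patching the direct database exposure alone removes only one path.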



Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  1. Computer Security Division, NIST, Gaithersburg, USA
  2. Department of Computer Science and Engineering, University of South Florida, Tampa, USA
