Соколова О.Д.  

Evaluating Security of Computer Networks based on Attack Graphs

To analyze the stability of the network is required to investigate its vulnerability,  to find "narrow" places, the using of ones  may impair the network functioning. To solve these problems, we can use some approaches, for example, the construction of  an attack graph for the network. Attack graph for a given network topology is a directed graph representing all possible sequences of actions that result in disrupted the normal functioning of the network. These action sequences are called attack tracks. In the case of recognition of dangerous situations it is necessary to suppress tracks attacks (changing the channel capacity, installation of protective screens etc.). The paper addresses the problem of investigating the information network in order to identify its "narrow" places - simulated network performance when subjected to various attacks (Denial of Service and so on). The algorithm for finding the track, leading to dangerous conditions, is discribed. We can selecte a critical set of arcs, the removal of which makes it impossible to achieve the dangerous conditions. Thus, a set of actions necessary to enhance network security, is found.

To reports list