DEVELOPMENT OF GRAPH-BASED SECURITY METRIC
Main Author: | |
---|---|
Format: | Dissertations |
Language: | Indonesia |
Online Access: | https://digilib.itb.ac.id/gdl/view/37382 |
Institution: | Institut Teknologi Bandung |
Summary: | A computer network can consist of client hosts and server hosts. Vulnerabilities
can be found on each host. A connectivity matrix represents the connectivity from
one host to another. A vulnerability matrix represents every vulnerability on every
host. An attack rule represents a rule by which an attacker exploits a vulnerability.
The attacker's privilege on every host can be expressed as a status privileged space.
In this dissertation, a graph-based network security metric was developed that
can be used to evaluate the security of a network. Graph-based network security
metrics are used simultaneously so that they form a group of graph-based network
security metrics. Furthermore, the group of graph-based network security metrics
is used to evaluate a computer network.
In this dissertation we produce an algorithm to generate a security status graph.
This algorithm generates a table which consists of all network security statuses.
From this table of network security statuses, three types of graph can be
constructed: the status graph, the host graph and the vulnerability graph. These
graphs are constructed manually using Graphviz. All network security
statuses in the table are readable by a Matlab program so that the graph-based
network security metrics can be calculated.
The evaluation of a computer network is performed by measuring network
security metrics. In this study, the method used to produce the graph takes
network performance into account and can be used as a tool to analyze network
vulnerabilities. This method gives the graph the additional capability of
measuring the effect of an attack as seen from the decline in network performance.
Furthermore, the combination of countermeasures is chosen based on user
requirements. If the number of vulnerabilities on each host increases, then the
number of countermeasure combinations increases exponentially.
In this dissertation research we construct an algorithm to produce a security status
graph, host graph and vulnerability graph. The framework for evaluating and
improving network security that results from this research is used as a reference in
carrying out the experiment.
The Security Metrics Group based on Attack Graph can be used to evaluate the
network security of a computer network. Increasing the number of hosts and
vulnerabilities on the network led to a decrease in the level of network security.
Host graphs and vulnerability graphs can be generated using the framework in this
dissertation.
|
---|