Extending attack graph-based metrics for enterprise network security management

Abstract

Measurement of enterprise network security is a long standing challenge to the research community. However, practical security metrics are vital for securing enterprise networks. With the constant change in the size and complexity of enterprise networks, and application portfolios as well, network attack surface keeps changing and hence monitoring of security performance is increasingly difficult and challenging problem. Existing attack graph-based security metrics are inefficient in capturing change in the network attack surface. In this paper, we have explored the possible use of graph-based distance metrics for capturing the change in the security level of dynamically evolving enterprise networks. We used classical graph similarity measures such as Maximum Common Subgraph (MCS), and Graph Edit Distance (GED) as an indicator of change in the enterprise network security. Our experimental results shows that graph similarity measures are efficient and capable of capturing changing network attack surface in dynamic (i.e. time varying) enterprise networks.