Validating and restoring defense in depth using attack graphs
Subsequently, we predict the attack path, recognize the attack intention, and estimate the impact through analysis of the attack graph. These help administrators gain insight into intrusion steps, determine the security state, and assess the threat.
An identification and analysis method for real-time network threats is proposed to accurately assess and grasp the current network security situation, and thereby better guide dynamic defense.
This allows us to directly compare diverse security products and to compute the increase in total detection rate gained by adding a security product to a defense-in-depth strategy, not just its stand-alone detection rate.
This approach provides an automated means of evaluating risks and the security posture of alternative security architectures.
This method recognizes the current threats and predicts the subsequent threats by modeling attack scenarios and simulating attack state transitions.
The threat identification model, called the Attack State Transition Graph and Real-Time Attack State Graph, is constructed from an Expanded Finite-State Automaton.