Abstract
Security Metrics help network administrators master the security status and strengthen security management for many years. Recently, with the usages of many new techniques and network structures, the cyber attacks become complex and the security measurement has received more and more attentions. However, existing methods usually focus on one aspect of security and the indicators used are usually difficult to quantify, which makes it difficult to understand network security status in some real circumstance. In this paper, we consider the network system security from the perspective of attack and defense and the changes of external security environment to propose a comprehensive and quantifiable index system for network security measurement. We illustrate the corresponding theories and the usages of each selected indicators and we also complete the real-time security measurement in various attacks and defenses by using NS3 simulator. The simulation results verify the correctness and rationality of the proposed Security Measurement Index System.
National Key R&D Program of China (grant 2016YFB0800700), NSFC (grants 61602359 and 11571281), Fundamental Research Funds for the Central Universities (JB150115) and the 111 project (grant B16037).
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Hayden, L.: IT Security Metrics: A Practical Framework for Measuring Security & Protecting Data. McGraw Hill, New York (2010)
Ahmed, M.S., AI-Shaer, E., Khan, L.: A novel quantitative approach for measuring network security. In: The 27th IEEE Conference on Computer Communications, pp. 1957–1965. IEEE Communication Security, Phoenix (2008)
AI-Shaer, E., Khan, L., Ahmed, M.S.: A comprehensive objective network security metric framework for proactive security configuration. In: The 4th Cyber Security and Information Intelligence Research Workshop, Association for Computing Machinery, New York (2008). https://doi.org/10.1145/1413140.1413189
Liu, G., Yan, Z., Pedryczc, W.: Data collection for attack detection and security measurement in mobile Ad Hoc networks: a survey. J. Netw. Comput. Appl. 105, 105–122 (2018)
Li, G.Q., Yan, Z., Fu, Y.L.: Data fusion for network intrusion detection: a review. Secur. Commun. Netw. 2018, 1–16 (2018)
Atzeni, A., Lioy, A.: Why to adopt a security metric? a brief survey. In: Gollmann, D., Massacci, F., Yautsiukhin, A. (eds.) Quality of Protection. ADIS, vol. 23. Springer, Boston (2006)
Chen, X.Z., Zheng, Q.H., Guan, X.H.: Quantitative hierarchical threat evaluation model for network security. J. Softw. 17(4), 885–897 (2006)
Pendleton, M., Garcia-lebron, R., Cho, J.H.: A survey on systems security metrics. ACM Comput. Surv. 49(4), 62–96 (2016)
Jing, X.Y., Yan, Z., Pedryczc, W.: Security data collection and data analytics in the internet: a survey. IEEE Commun. Surv. Tutorials 21(1), 586–618 (2018)
Lin, H.Q., Yan, Z., Zhang, L.: A survey on network security-related data collection technologies 2018, p. 1 (2018)
Jing, X.Y., Yan, Z., Pedrycz, W.: Network traffic fusion and analysis against DDoS flooding attacks with a novel reversible sketch (2018)
Hong, J.B., Yusuf, E.S., Seong, K.D.: Dynamic security metrics for measuring the effectiveness of moving target defense techniques. Comput. Secur. 79, 33–52 (2018)
Abraham, S., Nair, S.: A stochastic model for security quantification using absorbing Markov chains. J. Commun. 9, 899–907 (2014)
Li, G.Q., Yan, Z., Fu, Y.L.: A study and simulation research of blackhole attack on mobile AdHoc network. In: 2018 IEEE Conference on Communications and Network Security, pp. 1–6. IEEE Communication Security, Phoenix (2018)
Snort users manual. http://manual-snort-org.s3-website-us-east-1.amazonaws.com/snort_manual.html. Accessed 2018
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Li, G., Fu, Y., Yan, Z., Hao, W. (2019). Quantifiable Network Security Measurement: A Study Based on an Index System. In: Chen, X., Huang, X., Zhang, J. (eds) Machine Learning for Cyber Security. ML4CS 2019. Lecture Notes in Computer Science(), vol 11806. Springer, Cham. https://doi.org/10.1007/978-3-030-30619-9_5
Download citation
DOI: https://doi.org/10.1007/978-3-030-30619-9_5
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-30618-2
Online ISBN: 978-3-030-30619-9
eBook Packages: Computer ScienceComputer Science (R0)