This research investigates efficient and effective quantitative risk analytics methods for enterprise network security. The research uses attack graphs, a widely used and well-tested technique for enterprise network security analysis, as the foundation to build a metric model. It aims to produce a theoretically sound model with extensive empirical evaluation on continuous fresh data from production networks. The soundness ensures that the computed metrics have a clear meaning. This is useful because inputs to such metric models are inevitably imprecise probability estimates, yet the computed metrics still need to be meaningful within a known error bound so that they can be further applied to estimate expected loss from possible cyber breaches. The research investigates methods that can calculate such metrics both efficiently and with controlled accuracy. The metric model will be evaluated on continuous fresh data produced from the PI's departmental network at Kansas State University, as well as other available data sources.
This research will provide technology and tools for organizations to dramatically improve the efficiency of security administration of their enterprise networks. The metric models developed from the research will facilitate knowledge sharing among stakeholders in cyber security, leading to standardized technologies that benefit our society. The PIs intend to widely disseminate the research results to security practitioners in the field through tutorials and workshops. The researchers will collaborate with Idaho National Laboratory to apply the metric models to critical infrastructure protection. The research and education activities also reach out to a larger community, including women and other under-represented groups in science and engineering, through the various programs already established at Kansas State University.
For further information see the project web site at the URL: http://people.cis.ksu.edu/~xou/securitymetrics/
This research investigates efficient and effective quantitative risk analytics methods for enterprise network security. The research uses attack graphs, a widely used and well-tested technique for enterprise network security analysis, as the foundation to build a metric model. It has produced a theoretically sound model with extensive empirical evaluation on continuous fresh data from production networks. The soundness ensures that the computed metrics have a clear meaning. This is useful because inputs to such metric models are inevitably imprecise probability estimates, yet the computed metrics still need to be meaningful within a known error bound so that they can be further applied to estimate expected loss from possible cyber breaches. The research produced methods that can calculate such metrics both efficiently and with controlled accuracy. The metric model was evaluated on continuous fresh data produced from the PI's departmental network at Kansas State University, as well as other available data sources. The research also produced a model that reveals how cloud security may be impacted by software security bugs to different degrees depending on the prevalence of the vulnerabilities, as well as an abstraction model for defining cloud-based IT systems.
This research provided technology and tools for organizations to dramatically improve the efficiency of security administration of their enterprise networks. The metric models developed from the research facilitate knowledge sharing among stakeholders in cyber security, leading to standardized technologies that benefit our society. The PIs widely disseminated the research results to security practitioners in the field through tutorials, workshops, and other speeches. The researchers collaborated with NIST and HP on this research. The research and education activities also reached out to a larger community, including women and other under-represented groups in science and engineering, through the various programs established at Kansas State University.