English

Composite Metrics for Network Security Analysis

Cryptography and Security 2021-05-19 v2

Abstract

Security metrics present the security level of a system or a network in both qualitative and quantitative ways. In general, security metrics are used to assess the security level of a system and to achieve security goals. There are a lot of security metrics for security analysis, but there is no systematic classification of security metrics that are based on network reachability information. To address this, we propose a systematic classification of existing security metrics based on network reachability information. Mainly, we classify the security metrics into host-based and network-based metrics. The host-based metrics are classified into metrics ``without probability" and "with probability", while the network-based metrics are classified into "path-based" and "non-path based". Finally, we present and describe an approach to develop composite security metrics and it's calculations using a Hierarchical Attack Representation Model (HARM) via an example network. Our novel classification of security metrics provides a new methodology to assess the security of a system.

Keywords

Cite

@article{arxiv.2007.03486,
  title  = {Composite Metrics for Network Security Analysis},
  author = {Simon Yusuf Enoch and Jin B. Hong and Mengmeng Ge and Dong Seong Kim},
  journal= {arXiv preprint arXiv:2007.03486},
  year   = {2021}
}

Comments

21 pages journal

R2 v1 2026-06-23T16:55:11.083Z