A Quantitative Risk Analysis Model and Simulation of Enterprise Networks
In a computer network, an attacker can get access and privilege to critical assets through step by step vulnerabilities exploitation of network devices. These security problems need to be resolved to protect an enterprise network from great data loss and business interruptions. One of the ways to protect a network is to analyze network risk at given network topology and security conditions and act accordingly to secure the critical devices before an attacker takes benefit of vulnerabilities on transition devices. In this thesis, we proposed a quantitative risk analysis model to compute network risk. We consider network risk as a function of total vulnerabilities exploitation along the path and impact of exploitation. Most of the research including Topological Vulnerability Analysis (TVA) models and analyzes attacking pathway to target host through attack graph generation. They consider only vulnerabilities along the path to measure the security of the network. However, in this thesis, we compute the network security based on both vulnerability exploitation cost along the path and the impact of exploits (based on risk). We also bolster our approach with simulation results and show how risk score changes with varying parameters.
Prabin B Lamichhane,
"A Quantitative Risk Analysis Model and Simulation of Enterprise Networks"
ETD Collection for Tennessee State University.