Attack graph-based security metrics: concept, taxonomy, challenges and open issues

• Published in: BIO Web of Conferences
• Main Author: Al-Araji Z.J.; Ahmad S.S.S.; Farhood H.M.; Mutlag A.A.; Al-Khaldee M.S.
• Format: Conference paper
• Language: English
• Published: EDP Sciences 2024
• Online Access: https://www.scopus.com/inward/record.uri?eid=2-s2.0-85190577581&doi=10.1051%2fbioconf%2f20249700085&partnerID=40&md5=be19136e043e3e4170f590bf75d6cfec

Context: Security issues have increased recently because of the increased use of networking. The researchers have proposed many models, approaches, and models, for example, attack graphs. The attack graph model is a valuable tool for vulnerability analysis as well as for displaying all network paths. In general, attack graphs can be utilized for a variety of purposes, including the calculation of security metrics. Nonetheless, in order to sufficiently safeguard networks, a technique for gauging the security degree provided by these activities is required, as "you cannot improve what you cannot measure." The security level of a system or network is typically represented by network security metrics in qualitative and quantitative ways. The network security metrics are typically employed to evaluate a system's security level and meet security objectives. Aim: This study aims to present a review of attack graph-based security metrics and analyse the previous work. Provides the limitations and issues the researchers faced to improve this important research area. Methodology: The attack graph security metrics field was thoroughly investigated in all research, and four databases-ScienceDirect, Web of Science (WoS), Scopus, and IEEE-were used to collect data between 2001 and 2022. Results: 46 papers were founded on attack graph security metrics with different methods and techniques based on the exclusion and inclusion criteria. The results of the taxonomy created three significant categories: proposed, implemented, reviewed, and surveyed. We believe this study will aid in highlighting research ability, which will subsequently broaden and establish new research topics. © The Authors, published by EDP Sciences. This is an open access article distributed under the terms of the Creative Commons Attribution License 4.0 (https://creativecommons.org/licenses/by/4.0/).