Document Type: Original Article
Data and Communication Security Lab, Computer Engineering Dept, Ferdowsi University of Mashhad, Iran
Data and Communication Security Lab., Computer Dept., Ferdowsi University of Mashhad, Iran
In security risk management of computer networks, there are challenges which are more serious in large networks. Specifying and estimating risks is largely dependent on the knowledge of security experts. In this paper, a framework for security risk estimation is proposed to address this issue. It represents the security knowledge required for security risk estimation and utilizes current security metrics and vulnerability databases. Attack graph is used to model multi-stage attacks and Bayesian network is used to obtain the probability of exploits. This framework is a major step torwards automating the process of security risk estimation so that a network administrator can estimate the risk of the network with less expertise and effort. As case studies, the proposed framework is applied to multiple sample networks to show its applicability and usability in operational environments. The comparison of results with two existing methods showed the validity of the estimations given by the proposed framework.