| Issue |
BIO Web Conf.
Volume 97, 2024
Fifth International Scientific Conference of Alkafeel University (ISCKU 2024)
|
|
|---|---|---|
| Article Number | 00085 | |
| Number of page(s) | 18 | |
| DOI | https://doi.org/10.1051/bioconf/20249700085 | |
| Published online | 05 April 2024 | |
Attack graph-based security metrics: Concept, taxonomy, challenges and open issues
1 Technical Computer Engineering Department, Al-Hadba University College, Mosul, Iraq
2 Faculty of Information & Communication Technology, Universiti Teknikal Malaysia Melaka, Melaka, Malaysia
3 Department of Communication and Engineering, School of Electrical Engineering, College of Engineering, University Teknologi MARA, Shah Alam, Selangor, Malaysia
4 Department of Computer Engineering, College of Engineering, Mustansiryah University, 10047 Baghdad, Iraq
5 Ministry of Education/General Directorate of Curricula, Pure Science Department, Baghdad 10065, Iraq
6 Ministry of Education, Mosul, Iraq
* Corresponding author: zaid.jm@hcu.edu.iq
Context: Security issues have increased recently because of the increased use of networking. The researchers have proposed many models, approaches, and models, for example, attack graphs. The attack graph model is a valuable tool for vulnerability analysis as well as for displaying all network paths. In general, attack graphs can be utilized for a variety of purposes, including the calculation of security metrics. Nonetheless, in order to sufficiently safeguard networks, a technique for gauging the security degree provided by these activities is required, as “you cannot improve what you cannot measure.” The security level of a system or network is typically represented by network security metrics in qualitative and quantitative ways. The network security metrics are typically employed to evaluate a system's security level and meet security objectives. Aim: This study aims to present a review of attack graph-based security metrics and analyse the previous work. Provides the limitations and issues the researchers faced to improve this important research area. Methodology: The attack graph security metrics field was thoroughly investigated in all research, and four databases—ScienceDirect, Web of Science (WoS), Scopus, and IEEE—were used to collect data between 2001 and 2022. Results: 46 papers were founded on attack graph security metrics with different methods and techniques based on the exclusion and inclusion criteria. The results of the taxonomy created three significant categories: proposed, implemented, reviewed, and surveyed. We believe this study will aid in highlighting research ability, which will subsequently broaden and establish new research topics.
© The Authors, published by EDP Sciences, 2024
This is an Open Access article distributed under the terms of the Creative Commons Attribution License 4.0, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
Current usage metrics show cumulative count of Article Views (full-text article views including HTML views, PDF and ePub downloads, according to the available data) and Abstracts Views on Vision4Press platform.
Data correspond to usage on the plateform after 2015. The current usage metrics is available 48-96 hours after online publication and is updated daily on week days.
Initial download of the metrics may take a while.