Project Abstract
This project will identify and formulate new critical factors for measuring
network security. Compared with previous work, the novel security factors
considered here include the historical vulnerability trend of the exposed
services; vulnerability severity prediction and estimated risk for any general
network service, based on a standard vulnerability database; policy resistance
to the propagation of security attacks within the network, considering various
network security devices (e.g., firewall and IDS); and service and traffic
exposure as created by the policy structure. This approach focuses not only on
discovering existing vulnerabilities but also on objectively calculating the
estimated risk, considering potential future vulnerabilities and the existing
countermeasures used in network security policies, such as firewall and IDS.
This approach will also consider vulnerability interaction and policy
interconnection. The objective is to dynamically track changes in the quality
of protection for a network as updates occur in the vulnerability history,
policy configuration, network topology or traffic, and to provide a
measurement of the security level of the network policy.