Network security analysis using Bayesian attack graphs

Abstract

In this research, we study and analyse the National University of Rwanda (NUR) Network based on Vulnerability found there. A review on Bayesian Networks contributes to analyze and quantify information security risks caused by various threat sources on the network. We utilize existing network in attack graphs and individual vulnerability metrics, such as CVSS, and apply probabilistic reasoning to produce a sound risk measurement. The NUR network has many host interconnections and network privileges could be gained in many ways. This factor leads to cycles in an attack graph, which must be identified and properly treated when measuring risk to prevent distortion of the results. By using NESSUS for simulation, we analyze different parameters for the vulnerability of the system and the attack graphs path were being done, considering different servers and the risk of attacks. This research identifies and describes security problems in the NUR Network that may lead to different types of attacks. Such security problems include flooding attacks, security vulnerabilities in parser implementations, and attacks exploiting vulnerabilities at the signaling application level. A qualitative analysis of these security flaws and their impacts on NUR network is presented.