A Novel Security Model for Risk Assessment of Multi-Step Attacks in Computer Networks

Risk Assessment and Management have always been considered as one of the most challenging issues of each organization. Risk assessment would not be possible but by risk analysis of the existing vulnerabilities. Vulnerability prioritization makes it possible for security administrators to have better understanding of the infrastructure. So they would be able to find the most perilous vulnerabilities to bring cost benefit trade off into practice. Nowadays most of the attacks are the multi-step ones, in which, attacker exploits more than one vulnerability in a specified manner. So, it would be inevitable to consider the interaction of vulnerabilities for risk assessment. In this relation, the most sophisticated difficulty would be lack of standards for finding the interrelationship between vast amount of vulnerabilities and risk analysis is being done only for one step attacks. So, in this paper, a method have been introduced for risk assessment of Multi-step attacks which improves the accuracy of the existing vulnerability scoring systems.