A Security Vulnerability Assessment Technique and Model

Stephen Bush, Bruce Barnett. A Security Vulnerability Assessment Technique and Model. Technical Report 98CRD028, General Electric Corporate Research and Development Center, Jan 1998.

Abstract

This paper presents a framework and a tool for quantifying the security of a communication network. The framework is compared to some aspects of the human immune system, providing insights into methods of quantifying vulnerabilities, detecting an intruder, and fighting an attack. It is assumed that an attacker has a finite amount of resources with which to discover faults in the network security of a data communications network, and that each fault discovery consumes the attacker's resources. Extensions of this method in light of knowledge of the operation of the human immune system are explored. Network security actions may be taken to increase security in strategic areas of the network and to actively pursue an attacker. Such reactions by network security in response to an attack have a cost in terms of network resources and degradation of services to network consumers. An optimal course of action by network security in response to an attack is to minimize network access to an attacker while also minimizing the impact on legitimate network consumers. The optimal course of action by network security personnel requires precise assessment of network security vulnerability, quantification of the effects on network consumers of actions taken by network security in response to an attack, and a framework for applying the vulnerability assessment.
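The abstract's core assumptions (a resource-bounded attacker who pays for each fault discovered, and defender actions that raise that cost but degrade service for legitimate consumers) can be made concrete with a small model. The following is an added illustration, not the paper's own model or tool: the network, the fault discovery costs, the hardening actions, the probing order, and the scoring weight are all constructed here for the example.

```python
"""Toy model of a resource-bounded attacker versus costly defensive hardening.

Constructed example, not the paper's model: the attacker spends a finite
budget discovering faults in a fixed order, each hardening action multiplies
one fault's discovery cost but imposes a service-degradation cost on
legitimate consumers, and the defender chooses the action set that minimises
exposure (fraction of faults discovered) plus weighted consumer impact.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Fault:
    name: str
    discovery_cost: float   # attacker resource units consumed to discover this fault


@dataclass(frozen=True)
class Hardening:
    target: str             # name of the fault this action protects
    cost_multiplier: float  # factor by which the fault's discovery cost rises
    consumer_impact: float  # service degradation imposed on legitimate consumers (0..1)


# Constructed sample network: three faults with increasing discovery cost.
FAULTS: List[Fault] = [Fault("A", 2.0), Fault("B", 3.0), Fault("C", 5.0)]

# Constructed candidate defender strategies (hypothetical names and numbers).
STRATEGIES: Dict[str, List[Hardening]] = {
    "none": [],
    "harden_A": [Hardening("A", 3.0, 0.10)],
    "harden_B": [Hardening("B", 3.0, 0.15)],
    "harden_all": [Hardening("A", 2.0, 0.20),
                   Hardening("B", 2.0, 0.20),
                   Hardening("C", 2.0, 0.20)],
}


def apply_hardening(faults: List[Fault], actions: List[Hardening]) -> Tuple[Dict[str, float], float]:
    """Return per-fault discovery costs after hardening and the summed consumer impact (capped at 1)."""
    costs = {f.name: f.discovery_cost for f in faults}
    impact = 0.0
    for a in actions:
        costs[a.target] *= a.cost_multiplier
        impact += a.consumer_impact
    return costs, min(impact, 1.0)


def faults_discovered(costs: Dict[str, float], budget: float, order: List[str]) -> List[str]:
    """Attacker probes faults in `order`, paying each discovery cost until the budget is exhausted."""
    found: List[str] = []
    remaining = budget
    for name in order:
        if costs[name] > remaining:
            break                     # attacker's resources are spent before this fault is found
        remaining -= costs[name]
        found.append(name)
    return found


def evaluate(faults: List[Fault], actions: List[Hardening], budget: float,
             order: List[str], weight: float) -> Dict[str, float]:
    """Score a strategy: exposure (fraction of faults found) plus weighted consumer impact."""
    costs, impact = apply_hardening(faults, actions)
    found = faults_discovered(costs, budget, order)
    exposure = len(found) / len(faults)
    return {"exposure": exposure, "impact": impact, "score": exposure + weight * impact}


def best_strategy(faults: List[Fault], strategies: Dict[str, List[Hardening]],
                  budget: float, order: List[str], weight: float) -> str:
    """Pick the strategy with the lowest combined score for the given consumer-impact weight."""
    return min(strategies, key=lambda s: evaluate(faults, strategies[s], budget, order, weight)["score"])


if __name__ == "__main__":
    order = ["A", "B", "C"]
    for w in (1.0, 5.0):
        for name, actions in STRATEGIES.items():
            print(f"weight={w} {name:11s} {evaluate(FAULTS, actions, 6.0, order, w)}")
        print(f"best with weight {w}: {best_strategy(FAULTS, STRATEGIES, 6.0, order, w)}")
```

Running the block shows the trade-off the abstract describes: with consumer impact weighted lightly, hardening the cheapest fault exhausts the attacker's budget after a single discovery and wins; when consumer impact is weighted heavily, the degradation outweighs the reduced exposure and doing nothing scores best. The numbers are illustrative only; the paper's actual quantification differs.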