Skip to Main Content
Network attack graphs are originally used to evaluate what the worst security state will be if a network is under attack. Along with observed intrusion evidences, we can further use attack graphs to extrapolate the current security state of a concerned network. Methods have been proposed in recent years to use observed intrusion evidences to compute the node belief metric of network attack graphs. However, these methods suffer either from low model generality, high computational complexity or immoderate dependence on empirical formulas. To overcome these obstacles, we improve one of the Bayesian network inference algorithms - the likelihood weighting algorithm into a novel node belief metric computation method. Experiment results show our method can achieve high computational accuracy in linear computational complexity, a feature making it feasible to be used to process large scale network attack graphs in real-time.