Cyber resilience measurement through logical attack graph analysis

To improve resilience, it is crucial to quantify or measure it. Measurement techniques usually base their measure on critical functionality, which is unfortunately not mission-centric. Also, methods of measurement over time can not tackle the fact that a system may have different consecutive missions at different intervals of time. We propose a method to measure the cyber-resilience of any complex network by analyzing how the business process varies against adversity effort. Both efforts of the attacker and the impact on the business process are obtained by leveraging the vulnerabilities CVSS score of attack paths extracted from a generated attack graph. We finally obtain a numerical value for cyber resilience by calculating the area under the curve of business process against attacker effort. Experimentation shows that the proposed framework suits the absorption, recovery, and adaptation abilities of cyber resilience. This also helps designers to analyze which type of vulnerabilities leads to the worst resilience case, thereby making critical decisions to improve cyber resilience.