Your browser does not support JavaScript!
http://iet.metastore.ingenta.com
1887

Analytical framework for measuring network security using exploit dependency graph

Analytical framework for measuring network security using exploit dependency graph

For access to this article, please select a purchase option:

Buy article PDF
£12.50
(plus tax if applicable)
Buy Knowledge Pack
10 articles for £75.00
(plus taxes if applicable)

IET members benefit from discounts to all IET publications and free access to E&T Magazine. If you are an IET member, log in to your account and the discounts will automatically be applied.

Learn more about IET membership 

Recommend Title Publication to library

You must fill out fields marked with: *

Librarian details
Name:*
Email:*
Your details
Name:*
Email:*
Department:*
Why are you recommending this title?
Select reason:
 
 
 
 
 
IET Information Security — Recommend this title to your library

Thank you

Your recommendation has been sent to your librarian.

Attack graph is a popular tool for modelling multi-staged, correlated attacks on computer networks. Attack graphs have been widely used for measuring network security risks. Majority of the works on attack graph use host-based or state-based approaches. These attack graph models are either too restrictive or too resource consuming. Also, a significant portion of these works have used ‘probability of successfully exploiting a network’ as the metric. This approach requires that the ‘probability of successfully exploiting individual vulnerabilities’ be known a priori. Finding such probabilities is inherently difficult. This present study uses exploit dependency graph, which is a space efficient and expressive attack graph model. It also associates an additive cost with executing individual exploits, and defines a security metric in terms of the ‘minimum cost required to successfully exploit the network’. The problem of calculating the said metric is proved to be NP-complete. A modified depth first branch and bound algorithm has been described for calculating it. This study also formulates, a linear-time computable, security metric in terms of the ‘expected cost required to successfully exploit the network’ assuming a random attacker model and an uncorrelated attack graph.

References

    1. 1)
      • N. Ghosh , S.K. Ghosh , D. Pratihar , L. Jain . (2010) An intelligent approach for security management of an enterprise network using planner’, Intelligent autonomous systems.
    2. 2)
      • Frigault, M., Wang, L., Singhal, A., Jajodia, S.: `Measuring network security using dynamic Bayesian network', Forth ACM Workshop on Quality of Protection, QoP’08, 2008, p. 23–30.
    3. 3)
      • L. Wang , A. Singhal , S. Jajodia , S. Barker , G. Ahn . (2007) Measuring the overall security of network configurations using attack graphs’, Data and applications security XXI.
    4. 4)
      • R. Karp , R. Miller , J. Thatcher . (1972) Reducibility among combinatorial problems’, Complexity of computer computations.
    5. 5)
      • S. Noel , L. Wang , A. Singhal , S. Jajodia . Measuring security risk of networks using attack graphs. Int. J. Next Gener. Comput. , 1 , 135 - 147
    6. 6)
      • Ammann, P., Wijesekera, D., Kaushik, S.: `Scalable, graph-based network vulnerability analysis', Ninth ACM Conf. on Computer and Communications Security, CCS’02, 2002, p. 217–224.
    7. 7)
      • Noel, S., Jajodia, S., O'Berry, B., Jacobs, M.: `Efficient minimum-cost network hardening via exploit dependency graphs', 19thAnnual Computer Security Applications Conf., 2003, p. 86–95.
    8. 8)
      • Ammann, P., Pamula, J., Ritchey, R., Street, J.: `A host-based approach to network attack chaining analysis', 21stAnnual Computer Security Applications Conf., ACSAC’05, 2005, p. 72–84.
    9. 9)
      • Ghosh, N., Ghosh, S.K.: `An approach for security assessment of network configurations using attack graph', Int. Conf. on Networks & Communications, NetCom’09, 2009, p. 283–288.
    10. 10)
      • Noel, S., Jajodia, S.: `Managing attack graph complexity through visual hierarchical aggregation', ACM Workshop on Visualization and Data Mining for Computer Security, VizSEC/DMSEC’04, 2004, p. 109–118.
    11. 11)
      • Liu, X., Fang, C., Xiao, D., Xu, H.: `A goal-oriented approach for modeling and analyzing attack graph', Int. Conf. on Information Science and Applications, ICISA’10, 2010, p. 1–8.
    12. 12)
    13. 13)
      • P. Mell , K. Scarfone , S. Romanosky . (2007) A complete guide to the common vulnerability scoring system version 2.0.
    14. 14)
      • Swiler, L.P., Phillips, C., Ellis, D., Chakerian, S.: `Computer-attack graph generation tool', DARPA Information Survivability Conf. on Exposition II, DISCEX’01, 2001, p. 307–321, vol. 2.
    15. 15)
      • O. Sheyner , J. Wing , F. de Boer , M. Bonsangue , S. Graf , W. de Roever . (2004) Tools for generating and analyzing attack graphs’, ‘Formal methods for components and objects.
    16. 16)
      • Ghosh, N., Ghosh, S.K.: `An intelligent technique for generating minimal attack graph', Workshop on Intelligent Security SecArt’09 in 19th Int. Conf. on Automated Planning and Scheduling, ICAPS’09, 2009, p. 42–51.
    17. 17)
      • N. Ghosh , S. Nanda , S.K. Ghosh , K. Kant , S. Pemmaraju , K. Sivalingam , J. Wu . (2010) An ACO based approach for detection of an optimal attack path in a dynamic environment’, Distributed computing and networking’.
    18. 18)
    19. 19)
      • L. Wang , T. Islam , T. Long , A. Singhal , S. Jajodia , V. Atluri . (2008) An attack graph-based probabilistic security metric’, Data and applications security XXII.
    20. 20)
      • Pamula, J., Jajodia, S., Ammann, P., Swarup, V.: `A weakest-adversary security metric for network configuration security analysis', Second ACM workshop on Quality of Protection, QoP’06, 2006, p. 31–38.
    21. 21)
    22. 22)
      • Jha, S., Sheyner, O., Wing, J.: `Two formal analyses of attack graphs', 15thIEEE Computer Security Foundations Workshop, 2002, p. 49–63.
    23. 23)
http://iet.metastore.ingenta.com/content/journals/10.1049/iet-ifs.2011.0103
Loading

Related content

content/journals/10.1049/iet-ifs.2011.0103
pub_keyword,iet_inspecKeyword,pub_concept
6
6
Loading
This is a required field
Please enter a valid email address