Exploring attack graph for cost-benefit security hardening: A probabilistic approach

Wang, Shuzhen; Zhang, Zonghua; Kadobayashi, Youki

doi:10.1016/j.cose.2012.09.013

Cited by 93 publications

(74 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In contrast, the security performance for joint surface with already deployed active countermeasures depends on their goodness. If a new countermeasure has less goodness compared to the one that has joint surface with it, it cannot increase the security performance and this surface is ignored, see (24). Thus, if a countermeasure has small disjoint surface coverage and small goodness, it cannot increase the total security performance.…”

Section: Security Performance Evaluationmentioning

confidence: 99%

“…For example, Balepin et al [6] propose to consider only availability loss of services affected by the intruder and countermeasure. Other models evaluate attack and countermeasure costs without putting them into the same measurement unit (e.g., [10], [20], [22]- [24]). These models define different parameters to calculate costs separately and then use several techniques to compare them.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Dynamic Optimal Countermeasure Selection for Intrusion Response System

Shameli‐Sendi

Louafi

et al. 2018

IEEE Trans. Dependable and Secure Comput.

View full text Add to dashboard Cite

Abstract-Designing an efficient defense framework is challenging with respect to a network's complexity, widespread sophisticated attacks, attackers' ability, and the diversity of security appliances. The Intrusion Response System (IRS) is intended to respond automatically to incidents by attuning the attack damage and countermeasure costs. The existing approaches inherit some limitations, such as using static countermeasure effectiveness, static countermeasure deployment cost, or neglecting the countermeasures' negative impact on service quality (QoS). These limitations may lead the IRS to select inappropriate countermeasures and deployment locations, which in turn may reduce network performance and disconnect legitimate users. In this paper, we propose a dynamic defense framework that selects an optimal countermeasure against different attack damage costs. To measure the attack damage cost, we propose a novel defense-centric model based on a service dependency graph. To select the optimal countermeasure dynamically, we formulate the problem at hand using a multi-objective optimization concept that maximizes the security benefit, minimizes the negative impact on users and services, and minimizes the security deployment cost with respect to the attack damage cost.

show abstract

Section: Security Performance Evaluationmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Dynamic Optimal Countermeasure Selection for Intrusion Response System

Shameli‐Sendi

Louafi

et al. 2018

IEEE Trans. Dependable and Secure Comput.

View full text Add to dashboard Cite

show abstract

“…Wang et al [6] propose a HMM-based attack graph generation method and ACO-based algorithm to evaluate the security of target network and plan corresponding countermeasures. This method can compute the transition probability between each two states.…”

Section: Related Workmentioning

confidence: 99%

“…In [4], authors use the ant colony optimization (ACO) approach to search the optimal attack path based on the minimal attack path [5], but ACO can easily fall into a local optimum. Reference [6] proposes a HMMbased attack graph generation method, and then authors use ACO-based algorithm to compute the optimal attack path. Based on this path, evaluating the security of target network can be evaluated and corresponding countermeasures can be planned.…”

Section: Introductionmentioning

confidence: 99%

A Dynamic Hidden Forwarding Path Planning Method Based on Improved Q-Learning in SDN Environments

Chen

2018

Security and Communication Networks

View full text Add to dashboard Cite

Currently, many methods are available to improve the target network's security. The vast majority of them cannot obtain an optimal attack path and interdict it dynamically and conveniently. Almost all defense strategies aim to repair known vulnerabilities or limit services in target network to improve security of network. These methods cannot response to the attacks in real-time because sometimes they need to wait for manufacturers releasing corresponding countermeasures to repair vulnerabilities. In this paper, we propose an improved Q-learning algorithm to plan an optimal attack path directly and automatically. Based on this path, we use software-defined network (SDN) to adjust routing paths and create hidden forwarding paths dynamically to filter vicious attack requests. Compared to other machine learning algorithms, Q-learning only needs to input the target state to its agents, which can avoid early complex training process. We improve Q-learning algorithm in two aspects. First, a reward function based on the weights of hosts and attack success rates of vulnerabilities is proposed, which can adapt to different network topologies precisely. Second, we remove the actions and merge them into every state that reduces complexity from ( 3 ) to ( 2 ). In experiments, after deploying hidden forwarding paths, the security of target network is boosted significantly without having to repair network vulnerabilities immediately.

show abstract

“…Wang 33 , et al presented an approach which integrates attack graph and Hidden Markov model (HMM) together, for exploring the probabilistic relation between system observations and states. They have used a modified version of dependency attack graph to represent network assets and vulnerabilities.…”

Section: Attack Graph Based Security Metricsmentioning

confidence: 99%

Attack Graph Generation and Analysis Techniques

Barik¹,

Sengupta²,

Mazumdar³

2016

Def. Sc. Jl.

View full text Add to dashboard Cite

INTRODUCTIONDefending large scale enterprise networks from adversary attacks is an uphill task faced by present day network administrators. Defense approaches against such attacks traditionally have been mostly host centric, where attention is given to identifying vulnerabilities of the individual hosts and taking measures to mitigate them. Vulnerability scanning tools, such as Nessus, OpenVAS, Nexpose, etc. provide per host vulnerability information and help in achieving these objectives. However, one major problem with this approach is that it emphasises more on host specific local information and does not consider them in the light of global security context of the network. Theoretically, an exhaustive vulnerability searching and patching may lead to a secure system. However, this may not be possible in practice due to the costs involved and operational constraints. Moreover, in many cases, attackers combine elementary attacks to launch multistage attacks against critical assets. These elementary attacks exploit vulnerabilities of individual hosts and may be either remote or local. Intrusion Detection Systems, either network or host based, can detect those elementary attacks but cannot report whether they are part of a larger attack chain or not.An attack graph is an important modelling tool used in the assessment of security of enterprise networks. Using attack graphs, network administrators can understand how an attacker can combine vulnerabilities in multiple hosts in a multi-stage attack to compromise critical resources in a network. Moreover the size of an attack graph has direct impact on the perceived risk. Intuitively, a larger attack graph can mean more number of vulnerabilities that can be exploited or more number of attack paths to a resource or more attack spread; all implying less security and hence more risk. An exhaustive attack graph of a network provides global view of its security posture, enabling quantitative assessment of the same. Such assessments, when performed periodically help a network system to evolve over time.Since its introduction in 1998, attack graph has attracted lots of attention from researchers and a considerable amount of research effort has been spent in the development of theory and practices around the idea of attack graph. In its earlier days, dedicated security teams (called Red teams) used to determine overall security of networks by hand-drawing gigantic attack graphs and then analysing them. Obviously, this approach was tedious, error prone and did not scale up as the network size grew. This gave rise to the need for automated methods of attack graph generation. Automated techniques also guarantee that the generated attack graph is exhaustive and succinct. An exhaustive attack graph contains all possible attack paths and a succinct attack graph contains only those initial network states from where the attacker can reach the goal. Initial research proposed custom algorithms, model checking, logic based approaches as attack graph generation methods. However, the sca...

show abstract

Exploring attack graph for cost-benefit security hardening: A probabilistic approach

Cited by 93 publications

References 22 publications

Dynamic Optimal Countermeasure Selection for Intrusion Response System

Dynamic Optimal Countermeasure Selection for Intrusion Response System

A Dynamic Hidden Forwarding Path Planning Method Based on Improved Q-Learning in SDN Environments

Attack Graph Generation and Analysis Techniques

Contact Info

Product

Resources

About