Analyzing Network Security using Malefactor Action Graphs
نویسندگان
چکیده
The approach to network security analysis is suggested. It is based on simulation of malefactor’s behavior, generating attack graph and calculating different security metrics. The graph represents all possible attack scenarios taking into account network configuration, security policy, malefactor’s location, knowledge level and strategy. The security metrics describe computer network security at different levels of detail and take into account various aspects of security. The generalized architecture of security analysis system is presented. Attack scenarios model, common attack graph building procedures, used security metrics, and general security level evaluation are defined. The implemented version of security analysis system is described, and examples of express-evaluations of security level are considered.
منابع مشابه
Attacks Against Computer Network: Formal Grammar-Based Framework and Simulation Tool
The paper presents an approach and formal framework for modeling attacks against computer network and its software implementation on the basis of a multi-agent architecture. The model of an attack is considered as a complex process of contest of adversary entities those are malefactor or team of malefactors, on the one hand, and network security system implementing a security policy, on the oth...
متن کاملPrinciples of Network Security Protocols Based on Dynamic Address Space Randomization
To create network security solutions and protocols, we introduced IP Fast Hopping. Our approach is based on theory of convoluted multiaddress networks, which describes principles of dynamic network address space randomization. Our technique aimed to protect network nodes against various types of network threats by hiding of node’s network address from malefactors. Existing networks are still vu...
متن کاملScenario Graphs Applied to Network Security
Traditional model checking produces one counterexample to illustrate a violation of a property by a model of the system. Some applications benefit from having all counterexamples, not just one. We call this set of counterexamples a scenario graph. In this chapter we present two different algorithms for producing scenario graphs and explain how scenario graphs are a natural representation for at...
متن کاملGoogling Attack Graphs
Attack graphs have been proposed as useful tools for analyzing security vulnerabilities in network systems. Even when they are produced efficiently, the size and complexity of attack graphs often prevent a human from fully comprehending the information conveyed. A distillation of this overwhelming amount of information is crucial to aid network administrators in efficiently allocating scarce hu...
متن کاملMeasuring Security Risk of Networks Using Attack Graphs
Today’s computer systems face sophisticated attackers who combine multiple vulnerabilities to penetrate networks with devastating impact. The overall security of a network cannot be determined by simply counting the number of vulnerabilities. To accurately assess the security of networked systems, one must understand how vulnerabilities can be combined to stage an attack. We model such composit...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2006