A Framework for Network Vulnerability Analysis
Authors
Abstract
With increasing faults and attacks on the Internet infrastructure, there is an urgent need to develop techniques to analyze network and service vulnerability under organized fault attacks. Network vulnerability refers to the impact of attacks and faults on network and system behaviors. An accurate vulnerability analysis requires a deep understanding of failure modes and effects on each of the network components and the knowledge of how these components are inter-related at each point in time to various applications in a networked system. In this paper we present an agent-based network vulnerability analysis framework and show how our framework can be used to analyze and quantify the system vulnerability under a Distributed Denial of Service (DDoS) attack scenario. Our approach can be described in terms of three steps: 1) Vulnerability Metrics – In this step we identify the metrics to be used to analyze the network vulnerability; 2) System State Characterization – In this step we define the thresholds to be used to characterize the node/system state to be in one of three states: Normal State, Uncertain State, and Vulnerable State; and 3) Vulnerability Index Evaluation – In this step we evaluate the vulnerability of the network or application with respect to the vulnerability metrics defined in the first step. The vulnerability index can also be used as an indicator to trigger proactive and survivable methodologies to aid fast recovery at the earliest possible stages.
Similar resources
An Ant Colony Optimization Algorithm for Network Vulnerability Analysis
Intruders often combine exploits against multiple vulnerabilities in order to break into the system. Each attack scenario is a sequence of exploits launched by an intruder that leads to an undesirable state such as access to a database, service disruption, etc. The collection of possible attack scenarios in a computer network can be represented by a directed graph, called network attack gra...
The role of network theory and object-oriented modeling within a framework for the vulnerability analysis of critical infrastructures
A framework for the analysis of the vulnerability of critical infrastructures has been proposed by some of the authors. The framework basically consists of two successive stages: (i) a screening analysis for identifying the parts of the critical infrastructure most relevant with respect to its vulnerability and (ii) a detailed modeling of the operational dynamics of the identified parts for gai...
MulVAL: A Logic-based Network Security Analyzer
To determine the security impact software vulnerabilities have on a particular network, one must consider interactions among multiple network elements. For a vulnerability analysis tool to be useful in practice, two features are crucial. First, the model used in the analysis must be able to automatically integrate formal vulnerability specifications from the bug-reporting community. Second, the...
A new SDN-based framework for wireless local area networks
Nowadays wireless networks are becoming important in personal and public communication and growing very rapidly. Similarly, Software Defined Network (SDN) is an emerging approach to overcome challenges of traditional networks. In this paper, a new SDN-based framework is proposed for fine-grained control of 802.11 Wireless LANs. This work describes the benefits of programmable Acc...
A user exposure based approach for non-structural road network vulnerability analysis
Aiming at the dense urban road network vulnerability without structural negative consequences, this paper proposes a novel non-structural road network vulnerability analysis framework. Three aspects of the framework are mainly described: (i) the rationality of non-structural road network vulnerability, (ii) the metrics for negative consequences accounting for variant road conditions, and (iii) ...
Journal title:
Volume, issue
Pages -
Publication date: 2002