Analytical framework for measuring network security using exploit dependency graph

نویسندگان

  • P. Bhattacharya
  • S. K. Ghosh
چکیده

Attack graph is a popular tool for modeling multi-staged, correlated attacks on computer networks. Attack graphs have been widely used for measuring network security risks. A major portion of these works, have used host based or state based attack graphs. These attack graph models are either too restrictive or too resource consuming. Also, a significant portion of these works have used ‘probability of successfully exploiting a network’ as the metric. This approach requires that the ‘probability of successfully exploiting individual vulnerabilities’ be known a priori. Finding such probabilities is inherently difficult. This work uses exploit dependency graph, which is a space efficient and expressive attack graph model. It also associates an additive cost with executing individual exploits, and defines a security metric in terms of the ‘minimum cost required to successfully exploit the network’. The problem of calculating the said metric is proved to be NP-Complete. A modified depth first branch and bound algorithm has been described for calculating it. This work also formulates, a linear time computable, security metric in terms of the ‘expected cost required to successfully exploit the network’ assuming a random attacker model and an uncorrelated attack graph.

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Reducing the U.S dependency on oil and gas imports, implications for its policies in the international system

This paper aims to firstly explain the significance of the U.S oil independency and its consequences on the U.S foreign strategy in international politics. Secondly, the implications of this energy policy on the U.S foreign policy in the international system context is examined. The hypothesis to address these inquiries is postulated using neo-realism theory. Accordingly, following oil independ...

متن کامل

Modelling and Analysing Network Security Policies in a Given Vulnerability Setting

The systematic protection of critical information infrastructures requires an analytical process to identify the critical components and their interplay, to determine the threats and vulnerabilities, to assess the risks and to prioritise countermeasures where risk is unacceptable. This paper presents an integrated framework for model-based symbolic interpretation, simulation and analysis with a...

متن کامل

Measuring gas demand security using Principal Component Analysis (PCA): A case study

Safeguarding the energy security is an important energy policy goal of every country. Assuring sufficient and reliable resources of energy at affordable prices is the main objective of energy security. Due to such reasons as special geopolitical position, terrorist attacks and other unrest in the Middle East, securing Iran’s energy demand and increasing her natural gas exports have turned into ...

متن کامل

Efficient Minimum-Cost Network Hardening Via Exploit Dependency Graphs

In-depth analysis of network security vulnerability must consider attacker exploits not just in isolation, but also in combination. The general approach to this problem is to compute attack paths (combinations of exploits), from which one can decide whether a given set of network hardening measures guarantees the safety of given critical resources. We go beyond attack paths to compute actual se...

متن کامل

LPKP: location-based probabilistic key pre-distribution scheme for large-scale wireless sensor networks using graph coloring

Communication security of wireless sensor networks is achieved using cryptographic keys assigned to the nodes. Due to resource constraints in such networks, random key pre-distribution schemes are of high interest. Although in most of these schemes no location information is considered, there are scenarios that location information can be obtained by nodes after their deployment. In this paper,...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:
  • IET Information Security

دوره 6  شماره 

صفحات  -

تاریخ انتشار 2012