A model-based semi-quantitative approach for evaluating security of enterprise networks

Authors:
Zonghua Zhang;Farid Naït-Abdesselam;Xiaodong Lin;Pin-Han Ho
Affiliations:
University of Sciences and Technologies of Lille, Cedex, France;University of Sciences and Technologies of Lille, Cedex, France;University of Waterloo, ON, Canada;University of Waterloo, ON, Canada
Venue:
Proceedings of the 2008 ACM symposium on Applied computing
Year:
2008

Citing 13
Cited 3

A Quantitative Model of the Security Intrusion Process Based on Attacker Behavior

IEEE Transactions on Software Engineering
Testing Intrusion detection systems: a critique of the 1998 and 1999 DARPA intrusion detection system evaluations as performed by Lincoln Laboratory

ACM Transactions on Information and System Security (TISSEC)
Toward cost-sensitive modeling for intrusion detection and response

Journal of Computer Security
Modeling and Quantification of Security Attributes of Software Systems

DSN '02 Proceedings of the 2002 International Conference on Dependable Systems and Networks
Automated Generation and Analysis of Attack Graphs

SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Model-Based Evaluation: From Dependability to Security

IEEE Transactions on Dependable and Secure Computing
Constructing Multi-Layered Boundary to Defend Against Intrusive Anomalies: An Autonomic Detection Coordinator

DSN '05 Proceedings of the 2005 International Conference on Dependable Systems and Networks
Model Checking Markov Reward Models with Impulse Rewards

DSN '05 Proceedings of the 2005 International Conference on Dependable Systems and Networks
Modeling and Simulation in Security Evaluation

IEEE Security and Privacy
Using CP-nets as a guide for countermeasure selection

Proceedings of the 2007 ACM symposium on Applied computing
Impact Analysis of Faults and Attacks in Large-Scale Networks

IEEE Security and Privacy
Using hidden markov models to evaluate the risks of intrusions

RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection
Janus: a two-sided analytical model for multi-stage coordinated attacks

ICISC'06 Proceedings of the 9th international conference on Information Security and Cryptology

A framework for security quantification of networked machines

COMSNETS'10 Proceedings of the 2nd international conference on COMmunication systems and NETworks
EVMAT: an OVAL and NVD based enterprise vulnerability modeling and assessment tool

Proceedings of the 49th Annual Southeast Regional Conference
A multi-layer tree model for enterprise vulnerability management

Proceedings of the 2011 conference on Information technology education

Quantified Score

Hi-index	0.00

Visualization

Abstract

A challenging issue in Enterprise Risk Management (ERM) is to quantify network attributes with respect to security. This paper presents a model-based semi-quantitative approach for evaluating the security of enterprise networks. Instead of focusing on particular attacks/intrusions, our approach aims at characterizing attacker behaviors by examining attacker intent, objective, and attack consequence, which are essential for enforcing an attack scheme. In particular, an attack scheme involving several atomic attacks is formulated as a partially observable Markov decision process: a goal-directed attacker takes a sequence of actions to achieve the malicious goal, and a reward signal is used as feedback to integrate the attacker's intent, cost and objective and guides its advances. It is also used to measure attack impact, from security analyst's economic perspective, by considering the significance of network assets. Our approach provides network administrators a useful tool for performing better countermeasures during the risk management process. We carry out a real trace study to demonstrate its feasibility in practice and validate its performance.