An Adversary Aware and Intrusion Detection Aware Attack Model Ranking Scheme

Authors:
Liang Lu;Rei Safavi-Naini;Jeffrey Horton;Willy Susilo
Affiliations:
Centre for Computer and Information Security Research, School of Computer Science & Software Engineering, University of Wollongong, Australia;Centre for Computer and Information Security Research, School of Computer Science & Software Engineering, University of Wollongong, Australia;Centre for Computer and Information Security Research, School of Computer Science & Software Engineering, University of Wollongong, Australia;Centre for Computer and Information Security Research, School of Computer Science & Software Engineering, University of Wollongong, Australia
Venue:
ACNS '07 Proceedings of the 5th international conference on Applied Cryptography and Network Security
Year:
2007

Citing 7
Cited 1

Experimenting with Quantitative Evaluation Tools for Monitoring Operational Security

IEEE Transactions on Software Engineering
Survivability analysis of networked systems

ICSE '01 Proceedings of the 23rd International Conference on Software Engineering
Two Formal Analys s of Attack Graphs

CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
Automated Generation and Analysis of Attack Graphs

SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
A Systematic Approach to Multi-Stage Network Attack Analysis

IWIA '04 Proceedings of the Second IEEE International Information Assurance Workshop (IWIA'04)
Inside PageRank

ACM Transactions on Internet Technology (TOIT)
Ranking attack graphs

RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection

Ranking Attack Graphs with Graph Neural Networks

ISPEC '09 Proceedings of the 5th International Conference on Information Security Practice and Experience

Quantified Score

Hi-index	0.00

Visualization

Abstract

A successful computer system intrusion is often resulted from an attacker combining exploits of individual vulnerability. This can be modelled by attack models and attack graphs to provide a global view on system security against attacker's goal. However, as the size and complexity of attack models and attack graphs usually greatly exceeds human ability to visualize, understand and analyze, a scheme is required to identify important portions of attack models and attack graphs. Mehta et al.proposed to rank states of an attack model by the probability of an adversary reaching a state by a sequence of exploiting individual vulnerabilities in a previous scheme. Important portions can hence be identified by ranks of states. However, Mehta et al.'s ranking scheme is based on the PageRank algorithm which models a web surfing scenario, but has not considered much on the dissimilarity between web surfing scenarios and computer system intrusion scenarios. In this paper, we extend Mehta et al.'s scheme by taking into consideration dissimilarity between web surfing scenarios and computer system intrusion scenarios. We experiment with the same network model used in Mehta et al.'s scheme and have the results compared. The experiments yielded promising results that demonstrated consistent ranks amongst varying parameters modelled by our ranking scheme.