Optimal IDS Sensor Placement and Alert Prioritization Using Attack Graphs
Journal of Network and Systems Management
Validating and restoring defense in depth using attack graphs
MILCOM'06 Proceedings of the 2006 IEEE conference on Military communications
| Hi-index | 0.00 |
Computer security professionals and researchers are investigating proactive techniques for studying network-based attack behavior. Attack modeling is one of these research areas. In this dissertation, we address a novel attack modeling technique called an exploitation graph (e-graph) for representing attack scenarios. The key assumption in this research is that we can use exploitation graphs to represent attack scenarios, and methods involving e-graphs can be applied to provide vulnerability mitigation strategies. The modeling process consists of three primary steps. The first step is the creation of a knowledge base of vulnerability graphs (v-graphs) from known system vulnerabilities. Each v-graph shows necessary preconditions in order to make the vulnerability exploitable, and post-conditions that denote effects after a successful exploitation. A template is used to facilitate the definition of preconditions and post-conditions. The second step involves the association of multiple v-graphs to create an e-graph specific to a system being modeled. Network topology information and security policies (e.g., firewall rules) are encoded during the modeling process. A set of experiments were designed to test the modeling approach in a cluster computing environment consisting of one server node and eight internal computing nodes. Experimental results showed that e-graphs can be used to evaluate vulnerability mitigation solutions, e.g., identifying critical vulnerabilities and evaluating firewall policies. The third step of this process focuses on devising graph-simplification techniques for large e-graphs. Efficient graph-simplification techniques are described based on host and exploitation similarity. The most distinctive feature of these techniques is that, they help to simplify the most complex graph-generation process and do not require excessive memory storage. Experimental results showed that these techniques can not only reduce the size of e-graphs substantially, but also preserve most information needed for useful attack scenario analysis. The usefulness of the e-graph approach is shown in this dissertation. As a general approach for system administrators, the proposed techniques can be used in, but is not limited to, the cluster-computing environment in providing proactive Vulnerability Assessment (VA) strategies.