Attack graph based evaluation of network security.
Abstract. Promising directions in evaluating network security are simulating a malefactor's possible actions, representing these actions as attack graphs (trees, nets), subsequently checking various properties of these graphs, and determining security metrics that can explain possible ways to increase the security level. The paper suggests a new approach to security evaluation based on comprehensive simulation of a malefactor's actions, construction of attack graphs and computation of different security metrics. The approach is intended for use at both the design and exploitation stages of computer networks. The implemented software system is described, and examples of experiments for analysis of the network security level are considered.
Evaluation of computer network security based on attack graphs and qualitative security metrics
An approach to computer network security analysis, intended for use at both the design and operation stages, is suggested. The approach is based on generating a common attack graph and using qualitative security metrics. The graph represents possible scenarios of distributed attacks, taking into account the network configuration, the security policy, and the malefactor's location, knowledge level and strategy. The general architecture of the proposed security analysis system, the main concepts of the common attack graph, the security metrics taxonomies used, the metrics calculation rules and the general security level evaluation procedure are considered. The suggested security metrics make it possible to evaluate the computer network security level at different levels of detail and taking different aspects into account. The implemented software prototype is described, and examples of using the prototype for express analysis of the computer network security level are considered.
A Framework Based Approach for Formal Modeling and Analysis of Multi-level Attacks in Computer Networks
Attacks on computer networks are moving away from simple vulnerability exploits. More sophisticated attack types combine and depend on aspects on multiple levels (e.g. protocol and network level). Furthermore, attacker actions, regular protocol execution steps, and administrator actions may be interleaved.