7,377 research outputs found
Exact Inference Techniques for the Analysis of Bayesian Attack Graphs
Attack graphs are a powerful tool for security risk assessment by analysing
network vulnerabilities and the paths attackers can use to compromise network
resources. The uncertainty about the attacker's behaviour makes Bayesian
networks suitable to model attack graphs to perform static and dynamic
analysis. Previous approaches have focused on the formalization of attack
graphs into a Bayesian model rather than proposing mechanisms for their
analysis. In this paper we propose to use efficient algorithms to make exact
inference in Bayesian attack graphs, enabling the static and dynamic network
risk assessments. To support the validity of our approach we have performed an
extensive experimental evaluation on synthetic Bayesian attack graphs with
different topologies, showing the computational advantages in terms of time and
memory use of the proposed techniques when compared to existing approaches.Comment: 14 pages, 15 figure
The failure tolerance of mechatronic software systems to random and targeted attacks
This paper describes a complex networks approach to study the failure
tolerance of mechatronic software systems under various types of hardware
and/or software failures. We produce synthetic system architectures based on
evidence of modular and hierarchical modular product architectures and known
motifs for the interconnection of physical components to software. The system
architectures are then subject to various forms of attack. The attacks simulate
failure of critical hardware or software. Four types of attack are
investigated: degree centrality, betweenness centrality, closeness centrality
and random attack. Failure tolerance of the system is measured by a 'robustness
coefficient', a topological 'size' metric of the connectedness of the attacked
network. We find that the betweenness centrality attack results in the most
significant reduction in the robustness coefficient, confirming betweenness
centrality, rather than the number of connections (i.e. degree), as the most
conservative metric of component importance. A counter-intuitive finding is
that "designed" system architectures, including a bus, ring, and star
architecture, are not significantly more failure-tolerant than interconnections
with no prescribed architecture, that is, a random architecture. Our research
provides a data-driven approach to engineer the architecture of mechatronic
software systems for failure tolerance.Comment: Proceedings of the 2013 ASME International Design Engineering
Technical Conferences & Computers and Information in Engineering Conference
IDETC/CIE 2013 August 4-7, 2013, Portland, Oregon, USA (In Print
DrAGON: A Framework for Computing Preferred Defense Policies from Logical Attack Graphs
Attack graphs provide formalism for modelling the vulnerabilities using a compact representation scheme. Two of the most popular attack graph representations are scenario attack graphs, and logical attack graphs. In logical attack graphs, the host machines present in the network are represented as exploit nodes, while the configurations (IDS rules, firewall policies etc.) running on them are represented as fact nodes. The actual user privileges that are possible on each of these hosts are represented as privilege nodes.
Existing work provides methods to analyze logical attack graphs and compute attack paths of varying costs. In this thesis we develop a framework for analyzing the attack graph from a defender perspective. Given an acyclic logical dependency attack graph we compute defense policies that cover all known exploits that can be used by the attacker and also are preferred with respect to minimizing the impacts. In contrast to previous work on analysis of logical attack graphs where quantitative costs are assigned to the vulnerabilities (exploits), our framework allows attack graph analysis using descriptions of vulnerabilities on a qualitative scale. We develop two algorithms for computing preferred defense policies that are optimal with respect to defender preferences. Our research to the best of our knowledge is the first fully qualitative approach to analyzing these logical attack graphs and formulating defense policies based on the preferences and priorities of the defender.
We provide a prototype implementation of our framework that allows logical attack graphs to be input using a simple text file (custom language), or using a GUI tool in graphical markup language (GML) format. Our implementation uses the NVD (National Vulnerability Database) as the source of CVSS impact metrics for vulnerabilities in the attack graph. Our framework generates a preferred order of defense policies using an existing preference reasoner. Preliminary experiments on various attack graphs show the correctness and efficiency of our approach
Towards a Networks-of-Networks Framework for Cyber Security
Networks-of-networks (NoN) is a graph-theoretic model of interdependent
networks that have distinct dynamics at each network (layer). By adding special
edges to represent relationships between nodes in different layers, NoN
provides a unified mechanism to study interdependent systems intertwined in a
complex relationship. While NoN based models have been proposed for
cyber-physical systems, in this position paper we build towards a three-layered
NoN model for an enterprise cyber system. Each layer captures a different facet
of a cyber system. We present in-depth discussion for four major graph-
theoretic applications to demonstrate how the three-layered NoN model can be
leveraged for continuous system monitoring and mission assurance.Comment: A shorter (3-page) version of this paper will appear in the
Proceedings of the IEEE Intelligence and Security Informatics 2013, Seattle
Washington, USA, June 4-7, 201
Efficient attack countermeasure selection accounting for recovery and action costs
The losses arising from a system being hit by cyber attacks can be staggeringly high, but defending against such attacks can also be costly. This work proposes an attack countermeasure selection approach based on cost impact analysis that takes into account the impacts of actions by both the attacker and the defender. We consider a networked system providing services whose functionality depends on other components in the network. We model the costs and losses to service availability from compromises and defensive actions to the components, and show that while containment of the attack can be an effective defense, it may be more cost-efficient to allow parts of the attack to continue further whilst focusing on recovering services to a functional state. Based on this insight, we build a countermeasure selection method that chooses the most cost-effective action based on its impact on expected losses and costs over a given time horizon. Our method is evaluated using simulations in synthetic graphs representing network dependencies and vulnerabilities, and performs well in comparison to alternatives
- …