Skip to main content
Springer Nature Link
Log in

Survivability Analysis of a Computer System Under an Advanced Persistent Threat Attack

  • Conference paper
  • First Online:
Graphical Models for Security (GraMSec 2016)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 9987))

Included in the following conference series:

Abstract

Computer systems are potentially targeted by cybercriminals by means of specially crafted malicious software called Advanced Persistent Threats (APTs). As a consequence, any security attribute of the computer system may be compromised: disruption of service (availability), unauthorized data modification (integrity), or exfiltration of sensitive data (confidentiality). An APT starts with the exploitation of software vulnerability within the system. Thus, vulnerability mitigation strategies must be designed and deployed in a timely manner to reduce the window of exposure of vulnerable systems. In this paper, we evaluate the survivability of a computer system under an APT attack using a Markov model. Generation and solution of the Markov model are facilitated by means of a high-level formalism based on stochastic Petri nets. Survivability metrics are defined to quantify security attributes of the system from the public announcement of a software vulnerability and during the system recovery. The proposed model and metrics not only enable us to quantitatively assess the system survivability in terms of security attributes but also provide insights on the cost/revenue trade-offs of investment efforts in system recovery such as vulnerability mitigation strategies. Sensitivity analysis through numerical experiments is carried out to study the impact of key parameters on system secure survivability.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Symantec: Internet Security Threat report (2013). http://www.symantec.com/content/en/us/enterprise/other_resources/bistr_main_report_v18_2012_21291018.en-us.pdf

  2. Emm, D., Garnaeva, M., Ivanov, A., Makrushin, D., Unuchek, R.: IT threat evolution in Q2 2015. Technical report, Kaspersky Lab, July 2015

    Google Scholar 

  3. McAfee: McAfee labs threats report. Technical report, McAfee Labs, August 2015

    Google Scholar 

  4. Department of Homeland Security: National Security Strategy. The White House, May 2010. http://www.whitehouse.gov/sites/default/files/rss_viewer/national_security_strategy.pdf

  5. Kozik, R., Choras, M.: Current cyber security threats and challenges in critical infrastructures protection. In: Proceedings of the 2nd International Conference on Informatics and Applications (ICIA), pp. 93–97, September 2013

    Google Scholar 

  6. Walters, R.: Cyber Attacks on U.S. Companies in 2014. The Heritage Foundation - National Security and Defense, 1–5, October 2014. Issue Brief No. 4289

    Google Scholar 

  7. Moser, A., Kruegel, C., Kirda, E.: Exploring multiple execution paths for malware analysis. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 231–245 (2007)

    Google Scholar 

  8. Bayer, U., Habibi, I., Balzarotti, D., Kirda, E., Kruegel, C.: A view on current malware behaviors. In: Proceedings of the 2nd USENIX Conference on Large-scale Exploits and Emergent Threats: Botnets, Spyware, Worms, and More (LEET), pp. 1–11. USENIX Association, Berkeley (2009)

    Google Scholar 

  9. Sood, A., Enbody, R.: Targeted cyberattacks: a superset of advanced persistent threats. IEEE Secur. Priv. 11(1), 54–61 (2013)

    Google Scholar 

  10. Tankard, C.: Advanced persistent threats and how to monitor and deter them. Netw. Secur. 2011(8), 16–19 (2011)

    Article  Google Scholar 

  11. Farwell, J.P., Rohozinski, R.: Stuxnet and the future of cyber war. Survival 53(1), 23–40 (2011)

    Article  Google Scholar 

  12. Rauscher, K.: Writing the rules of cyberwar. IEEE Spectr. 50(12), 30–32 (2013)

    Article  Google Scholar 

  13. Ellison, R.J., Fisher, D.A., Linger, R.C., Lipson, H.F., Longstaff, T.A., Mead, N.R.: Survivability: protecting your critical systems. IEEE Internet Comput. 3(6), 55–63 (1999)

    Article  Google Scholar 

  14. Bolch, G., Greiner, S., de Meer, H., Trivedi, K.S.: Queueing Networks and Markov Chains: Modeling and Performance Evaluation with Computer Science Applications, 2nd edn. Wiley-Interscience, Hoboken (2006)

    Book  MATH  Google Scholar 

  15. Ramani, S., Trivedi, K.S., Dasarathy, B.: Performance analysis of the CORBA event service using stochastic reward nets. In: Proceedings of the 19th IEEE Symposium on Reliable Distributed Systems (SRDS), pp. 238–247 (2000)

    Google Scholar 

  16. Philip, A., Sharma, R.K.: A stochastic reward net approach for reliability analysis of a flexible manufacturing module. Int. J. Syst. Assur. Eng. Manag. 4(3), 293–302 (2013)

    Article  Google Scholar 

  17. Bruneo, D.: A stochastic model to investigate data center performance and QoS in IaaS cloud computing systems. IEEE Trans. Parallel Distrib. Syst. 25(3), 560–569 (2014)

    Article  Google Scholar 

  18. Entezari-Maleki, R., Trivedi, K.S., Movaghar, A.: Performability evaluation of grid environments using stochastic reward nets. IEEE Trans. dependable Secure Comput. 12(2), 204–216 (2015)

    Article  Google Scholar 

  19. Kumar, N., Lee, J.H., Chilamkurti, N., Vinel, A.: Energy-efficient multimedia data dissemination in vehicular clouds: stochastic-reward-nets-based coalition game approach. IEEE Syst. J. 10(2), 847–858 (2016)

    Article  Google Scholar 

  20. Kawamura, R., Ohta, H.: Architectures for ATM network survivability and their field deployment. IEEE Commun. Mag. 37(8), 88–94 (1999)

    Article  Google Scholar 

  21. Wylie, J.J., Bigrigg, M.W., Strunk, J.D., Ganger, G.R., Kiliccote, H., Khosla, P.K.: Survivable information storage systems. Computer 33(8), 61–68 (2000)

    Article  Google Scholar 

  22. Jha, S., Wing, J.M.: Survivability analysis of networked systems. In: Proceedings of the 23rd International Conference on Software Engineering (ICSE), ICSE 2001, pp. 307–317. IEEE Computer Society, Washington, DC (2001)

    Google Scholar 

  23. Castet, J.F., Saleh, J.H.: On the concept of survivability, with application to spacecraft and space-based networks. Reliab. Eng. Syst. Saf. 99, 123–138 (2012)

    Article  Google Scholar 

  24. Paulauskas, N., Garsva, E., Gulbinovic, L., Stankevicius, A., Poviliauskas, D.: Survivability modelling of Lithuanian government information system. Elektronika Ir Elektrotechnika 120(4), 95–98 (2012)

    Article  Google Scholar 

  25. Wang, H., Liu, P.: Modeling and evaluating the survivability of an intrusion tolerant database system. In: Gollmann, D., Meier, J., Sabelfeld, A. (eds.) ESORICS 2006. LNCS, vol. 4189, pp. 207–224. Springer, Heidelberg (2006). doi:10.1007/11863908_14

    Chapter  Google Scholar 

  26. Wang, A.H., Yan, S., Liu, P.: A semi-markov survivability evaluation model for intrusion tolerant database systems. In: Proceedings of the 2010 International Conference on Availability, Reliability, and Security (ARES), pp. 104–111, February 2010

    Google Scholar 

  27. Trivedi, K.S., Xia, R.: Quantification of system survivability. Telecommun. Syst. 60(4), 451–470 (2015)

    Article  Google Scholar 

  28. Rodríguez, R.J., Merseguer, J., Bernardi, S.: Modelling security of critical infrastructures: a survivability assessment. Comput. J. 58(10), 2313–2327 (2015)

    Article  Google Scholar 

  29. Pfleeger, C.P., Pfleeger, S.L.: Security in Computing, 4th edn. Prentice Hall, Upper Saddle River (2006)

    MATH  Google Scholar 

  30. Murata, T.: Petri nets: properties, analysis and applications. Proc. IEEE 77(4), 541–580 (1989)

    Article  Google Scholar 

  31. Ajmone Marsan, M., Balbo, G., Conte, G., Donatelli, S., Franceschinis, G.: Modelling with Generalized Stochastic Petri Nets. Wiley Series in Parallel Computing. Wiley, Hoboken (1995)

    MATH  Google Scholar 

  32. Muppala, J., Ciardo, G., Trivedi, K.S.: Stochastic reward nets for reliability prediction. Commun. Reliab. Maintainab. Serviceability 1(2), 9–20 (1994)

    Google Scholar 

  33. Grottke, M., Trivedi, K.: Fighting bugs: remove, retry, replicate, and rejuvenate. Computer 40(2), 107–109 (2007)

    Article  Google Scholar 

  34. ANSI T1A1.2 Working Group on Network Survivability Performance: Enhanced Network Survivability Performance. Technical report 68, American National Standards Institute (2001)

    Google Scholar 

  35. Ciardo, G., Muppala, J., Trivedi, K.: SPNP: stochastic Petri net package. In: Proceedings of the 3rd International Workshop on Petri Nets and Performance Models (PNPM), pp. 142–151, December 1989

    Google Scholar 

  36. Temizkan, O., Kumar, R., Park, S., Subramaniam, C.: Patch release behaviors of software vendors in response to vulnerabilities: an empirical analysis. J. Manage. Inf. Syst. 28(4), 305–338 (2012)

    Article  Google Scholar 

  37. Google Project Zero: List of vulnerabilities reported by Google security research team. https://bugs.chromium.org/p/project-zero/issues/list?can=1&q=&colspec=ID+Type+Status+Priority+Milestone+Owner+Summary&cells=ids

  38. Nzoukou, W., Wang, L., Jajodia, S., Singhal, A.: A unified framework for measuring a network’s mean time-to-compromise. In: Proceedings of the 2013 IEEE 32nd International Symposium on Reliable Distributed Systems (SRDS), pp. 215–224, September 2013

    Google Scholar 

Download references

Acknowledgments

The research of Ricardo J. Rodríguez was supported by the Spanish MINECO project CyCriSec (TIN2014-58457-R). The research of Xiaolin Chang was supported by NSF 61572066 of China. The research of Xiaodan Li and Kishor S. Trivedi was supported in part by US NSF grant number CNS-1523994, by IBM under a faculty grant, by NATO under Science for Peace project number 984425, and by US Navy under grant N00174-16-C-0036.

Author information

Authors and Affiliations

  1. Department of Computer Science and Systems Engineering, University of Zaragoza, Zaragoza, Spain

    Ricardo J. Rodríguez

  2. Department of Information Security, Beijing Jiaotong University, Beijing, People’s Republic of China

    Xiaolin Chang

  3. Department of Electrical and Computer Engineering, Duke University, Durham, USA

    Xiaodan Li & Kishor S. Trivedi

Authors
  1. Ricardo J. Rodríguez
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Xiaolin Chang
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Xiaodan Li
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Kishor S. Trivedi
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Ricardo J. Rodríguez .

Editor information

Editors and Affiliations

  1. INSA Rennes & IRISA, Rennes, France

    Barbara Kordy

  2. KTH Royal Institute of Technology , Stockholm, Sweden

    Mathias Ekstedt

  3. University of Canterbury , Christchurch, New Zealand

    Dong Seong Kim

Rights and permissions

Reprints and permissions

Copyright information

© 2016 Springer International Publishing AG

About this paper

Cite this paper

Rodríguez, R.J., Chang, X., Li, X., Trivedi, K.S. (2016). Survivability Analysis of a Computer System Under an Advanced Persistent Threat Attack. In: Kordy, B., Ekstedt, M., Kim, D. (eds) Graphical Models for Security. GraMSec 2016. Lecture Notes in Computer Science(), vol 9987. Springer, Cham. https://doi.org/10.1007/978-3-319-46263-9_9

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-46263-9_9

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-46262-2

  • Online ISBN: 978-3-319-46263-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics