Skip to main content
SpringerLink
Log in

Optimal security hardening on attack tree models of networks: a cost-benefit analysis

  • Regular Contribution
  • Published:
International Journal of Information Security Aims and scope Submit manuscript

Abstract

Researchers have previously looked into the problem of determining whether a given set of security hardening measures can effectively make a networked system secure. However, system administrators are often faced with a more challenging problem since they have to work within a fixed budget which may be less than the minimum cost of system hardening. An attacker, on the other hand, explores alternative attack scenarios to inflict the maximum damage possible when the security controls are in place, very often rendering the optimality of the controls invalid. In this work, we develop a systematic approach to perform a cost-benefit analysis on the problem of optimal security hardening under such conditions. Using evolutionary paradigms such as multi-objective optimization and competitive co-evolution, we model the attacker-defender interaction as an “arms race”, and explore how security controls can be placed in a network to induce a maximum return on investment.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. Ammann, P., Wijesekera, D., Kaushik, S.: Scalable, graph-based network vulnerability analysis. In: Proceedings of the 9th Conference on Computer and Communications Security, pp. 217–224 (2002)

  2. Jha, S., Sheyner, O., Wing, J.M.: Two formal analysis of attack graphs. In: Proceedings of the 15th IEEE Computer Security Foundations Workshop, pp. 49–63 (2002)

  3. Phillips, C., Swiler, L. P.: A graph-based system for network-vulnerability analysis. In: Proceedings of the 1998 New Security Paradigms Workshop, pp. 71–79 (1998)

  4. Sheyner, O., Haines, J., Jha, S., Lippmann, R., Wing, J.M.: Automated generation and analysis of attack graphs. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 273–284 (2002)

  5. Swiler, L., Phillips, C., Ellis, D., Chakerian, S.: Computer-attack graph generation tool. In: Proceedings of the DARPA Information Survivability Conference and Exposition II, pp. 307–321 (2001)

  6. Dawkins, J., Campbell, C., Hale, J.: Modeling network attacks: extending the attack tree paradigm. In: Proceedings of the Workshop on Statistical Machine Learning Techniques in Computer Intrusion Detection. Johns Hopkins University (2002)

  7. Moore, A.P., Ellison, R.J., Linger, R.C.: Attack modeling for information survivability. Technical Note CMU/SEI-2001-TN-001, Carnegie Melon University/Software Engineering Institute, March (2001)

  8. Ray, I., Poolsappasit, N.: Using attack trees to identify malicious attacks from authorized insiders. In: Proceedings of the 10th European Symposium On Research In Computer Security, pp. 231–246 (2005)

  9. Schneier B.: Attack Trees. Dr. Dobb’s J. 24(12), 21–29 (1999)

    Google Scholar 

  10. Noel, S., Jajodia, S., O’Berry, B., Jacobs, M.: Efficient minimum-cost network hardening via exploit dependency graphs. In: Proceedings of the 19th Annual Computer Security Applications Conference, pp. 86–95 (2003)

  11. Dewri, R., Poolsappasit, N., Ray, I., Whitley, D.: Optimal security hardening using multi-objective optimization on attack tree models of networks. In: Proceedings of the 14th Conference on Computer and Communications Security, pp. 204–213 (2007)

  12. Gupta M., Rees J., Chaturvedi A., Chi J.: Matching information security vulnerabilities to organizational security policies: a genetic algorithm approach. Decis. Supp. Syst. 41(3), 592–603 (2006)

    Article  Google Scholar 

  13. Bistarelli, S., Dall’Aglio, M., Perretti, P.: Strategic Games on Defense Trees. Formal Aspects in Security and Trust, pp. 1–15. Springer, Berlin (2006)

  14. Syverson, P.F.: A different look at secure distributed computation. In: Proceedings of the 10th Computer Security Foundations Workshop, pp. 109–115 (1997)

  15. Lye K., Wing J.M.: Game strategies in network security. Int. J. Inf. Secur. 4(1–2), 71–86 (2005)

    Article  Google Scholar 

  16. Sallhammar, K., Knapskog, S.J., Helvik, B.E.: Using stochastic game theory to compute the expected behavior of attackers. In: Proceedings of the 2005 Symposium on Applications and the Internet Workshops, pp. 102–105 (2005)

  17. Sallhammar, K., Helvik, B.E., Knapskog, S.J.: Towards a stochastic model for integrated security and dependability evaluation. In: Proceedings of the First International Conference on Availability, Reliability and Security, pp. 156–165 (2006)

  18. Liu P., Zang W., Yu M.: Incentive-based modeling and inference of attacker intent, objectives, and strategies. ACM Trans. Inf. Syst. Secur. 8(1), 78–118 (2005)

    Article  Google Scholar 

  19. Buldas A., Laud P., Priisalu J., Saarepera M., Willemson J.: Rational choice of security measures via multi-parameter attack trees. Crit. Inf. Infrastruct. Secur. 4347, 235–248 (2006)

    Article  Google Scholar 

  20. Zhang, Z., Nait-Abdesselam, F., Ho, P.: Boosting Markov Reward models for probabilistic security evaluation by characterizing behaviors of attacker and defender. In: Proceedings of the 3rd International Conference on Availability, Reliability and Security, pp. 352–359 (2008)

  21. Jiang, W., Zhang, H., Tian, Z., Song, X.: A game theoretic method for decision and analysis of the optimal active defense strategy. In: Proceedings of the 2007 International Conference on Computational Intelligence and Security, pp. 819–823 (2007)

  22. Coello Coello C.A.: An updated survey of GA-based multiobjective optimization techniques. ACM Comput. Surv. 32(2), 109–143 (2000)

    Article  Google Scholar 

  23. Deb K.: Multi-objective Optimization Using Evolutionary Algorithms. Wiley, New York (2001)

    MATH  Google Scholar 

  24. Deb K., Pratap A., Agarwal S., Meyarivan T.: A fast and elitist multiobjective genetic algorithm: NSGA–II . IEEE Trans. Evolut. Comput. 6(2), 182–197 (2002)

    Article  Google Scholar 

  25. Axelrod, R.: Evolution of Strategies in the Iterated Prisoner’s Dilemma. Genetic Algorithms and Simulated Annealing, pp. 32–41. Morgan Kaufmann, Los Altos (1987)

  26. Smith J.M.: Evolution and the Theory of Games. Cambridge University Press, Cambridge (1982)

    MATH  Google Scholar 

  27. Rosin, C.D., Blew, R.K.: Methods for competitive co-evolution: finding opponents worth beating. In: Proceedings of the 6th International Conference on Genetic Algorithms, pp. 373–381 (1995)

  28. Hillis, W.D.: Co-evolving parasites improve simulated evolution as an optimization procedure. Artificial Life II. Addison-Wesley, London (1991)

  29. Bull, L.: Coevolutionary Computation: An Introduction. http://www.cems.uwe.ac.uk/~lbull/intro.pdf (1998)

  30. Dawkins R.: The Blind Watchmaker. Norton & Company, Inc, New York (1986)

    Google Scholar 

  31. Rosin C.D., Blew R.K.: New methods for competitive coevolution. Evolut. Comput. 5(1), 1–29 (1997)

    Article  Google Scholar 

  32. Ficici, S.G., Pollack, J.B.: A game-theoretic memory mechanism for coevolution. In: Proceedings of the Genetic and Evolutionary Computation Conference, pp. 286–297 (2003)

  33. Stanley, K.O., Miikkulainen, R.: The dominance tournament method of monitoring progress in coevolution. In: Proceedings of the Genetic and Evolutionary Computation Conference Workshop Program, pp. 242–248 (2002)

  34. Stoneburner, G., Goguen, A., Feringa, A.: Risk management guide for information technology systems. NIST Special Publication, pp. 800–830 (2002)

  35. Berger, B.: Data-centric Quantitative Computer Security Risk Assessment. Information Security Reading Room, SANS (2003)

  36. Lee W.: Toward cost-sensitive modeling for intrusion detection and response. J. Comput. Secur. 10(1), 5–22 (2002)

    Google Scholar 

  37. Butler, S.A.: Security attribute evaluation method: a cost-benefit approach. In: Proceedings of the 24rd International Conference on Software Engineering, pp. 232–240 (2002)

  38. Butler, S.A., Fischbeck, P.: Multi-attribute risk assessment. In: Proceedings of SREIS02 in conjunction with the 10th IEEE International Requirements Engineering Conference (2002)

  39. Nash J.: Non-cooperative games. Ann. Math. 54(2), 286–295 (1950)

    Article  MathSciNet  Google Scholar 

  40. Goldberg D.E.: Genetic Algorithms in Search, Optimization, and Machine Learning. Addison-Wesley, New York (1989)

    MATH  Google Scholar 

  41. Alba E., Tomassini M.: Parallelism and evolutionary algorithms. IEEE Trans. Evolut. Comput. 6(5), 443–462 (2002)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science, University of Denver, Denver, CO, 80208, USA

    Rinku Dewri

  2. Department of Computer Science, Colorado State University, Fort Collins, CO, 80523, USA

    Indrajit Ray & Darrell Whitley

  3. Department of Computer Science, Missouri University of Science and Technology, Rolla, MO, 65409, USA

    Nayot Poolsappasit

Authors
  1. Rinku Dewri
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Indrajit Ray
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Nayot Poolsappasit
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Darrell Whitley
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Rinku Dewri.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Dewri, R., Ray, I., Poolsappasit, N. et al. Optimal security hardening on attack tree models of networks: a cost-benefit analysis. Int. J. Inf. Secur. 11, 167–188 (2012). https://doi.org/10.1007/s10207-012-0160-y

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10207-012-0160-y

Keywords

Search

Navigation