Abstract
Network hardening is an optimization problem: find the best combination of countermeasures to protect a network from cyber-attacks. While an attacker exploits the vulnerabilities in the network, the countermeasures prevent some exploits by disabling those vulnerabilities. Each countermeasure has a different effect; for instance, one avoids data breaches while another protects service availability. As a result, the evaluation criteria for a set of countermeasures are multi-objective. This study proposes a multi-objective network hardening algorithm that enumerates the preferable combinations of security patches near the Pareto front. Our algorithm leverages monotonic security metrics that are defined naturally on attack graphs. Attack graphs are graph-structured representations of the qualitative dependencies among the security incidents that could occur on a network. Several quantitative metrics defined on attack graphs are monotonic: adding a countermeasure never worsens the metric, so increased countermeasures always bring better network security. This property enables a gradient-descent algorithm that searches for solutions of the combinatorial optimization problem. We show numerical results that exhibit the remarkable efficiency of our approach. The result implies that the proposed algorithm can be a better alternative to the genetic algorithms used in past network hardening studies.
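As an added illustration of the idea in the abstract (this is not the article's code, and the article's own algorithm and metrics are not reproduced on this page), the Python script below builds a small constructed logical attack graph, defines two monotone security metrics (reachable data-breach goals and reachable denial-of-service goals) plus a deployment cost, and runs a Pareto-archived descent from the empty patch set that uses monotonicity to prune any neighbour with no security gain. A brute-force enumeration of all patch sets checks the result on this toy instance, and `monotone()` checks the property the pruning relies on. All hosts, vulnerability ids, patches, costs and goals are hypothetical.

```python
"""Multi-objective hardening search on a constructed logical attack graph.
Everything below is made-up illustration data, not data from the article."""
from itertools import combinations

INITIAL = frozenset({"attacker@internet"})   # attacker's starting facts

# Exploit rules: (preconditions, vulnerability id, postcondition).  A rule fires
# when the attacker holds every precondition and the vulnerability is not
# disabled.  Vulnerability ids are placeholders, not real CVE numbers.
EXPLOITS = [
    ({"attacker@internet"}, "vuln-web-rce", "shell@web"),
    ({"attacker@internet"}, "vuln-vpn-bypass", "user@vpn"),
    ({"shell@web"}, "vuln-web-privesc", "root@web"),
    ({"root@web"}, "vuln-db-creds", "admin@db"),
    ({"user@vpn"}, "vuln-db-creds", "admin@db"),
    ({"user@vpn"}, "vuln-fs-dos", "dos@fileserver"),
    ({"root@web"}, "vuln-web-dos", "dos@web"),
]
BREACH_GOALS = {"admin@db"}                  # confidentiality objective
DOS_GOALS = {"dos@fileserver", "dos@web"}    # availability objective

# Countermeasures: name -> (vulnerabilities it disables, deployment cost)
PATCHES = {
    "patch-web": ({"vuln-web-rce", "vuln-web-privesc"}, 3),
    "patch-vpn": ({"vuln-vpn-bypass"}, 2),
    "rotate-db-creds": ({"vuln-db-creds"}, 1),
    "rate-limit-fs": ({"vuln-fs-dos"}, 1),
    "patch-web-dos": ({"vuln-web-dos"}, 2),
}


def reachable(patch_set):
    """Least fixed point of the attack graph with the given patches applied."""
    disabled = set().union(*(PATCHES[p][0] for p in patch_set))
    facts = set(INITIAL)
    changed = True
    while changed:
        changed = False
        for pre, vuln, post in EXPLOITS:
            if vuln not in disabled and post not in facts and pre <= facts:
                facts.add(post)
                changed = True
    return facts


def metrics(patch_set):
    """Objective vector to minimise: (breach goals, DoS goals, cost).
    The two security components are monotone in the patch set."""
    facts = reachable(patch_set)
    return (len(facts & BREACH_GOALS), len(facts & DOS_GOALS),
            sum(PATCHES[p][1] for p in patch_set))


def dominates(a, b):
    """a is at least as good in every objective and strictly better in one."""
    return all(x <= y for x, y in zip(a, b)) and a != b


def pareto_descent():
    """Grow patch sets one countermeasure at a time, keeping a Pareto archive.
    Monotonicity supplies the prune: a neighbour whose security metrics equal
    its parent's only costs more and is therefore dominated by the parent."""
    empty = frozenset()
    archive = {empty: metrics(empty)}
    frontier, seen = [empty], {empty}
    while frontier:
        added = []
        for s in frontier:
            base = metrics(s)
            for p in PATCHES:
                if p in s:
                    continue
                t = s | {p}
                if t in seen:
                    continue
                seen.add(t)
                m = metrics(t)
                if m[:2] == base[:2]:                        # no security gain
                    continue
                if any(dominates(v, m) for v in archive.values()):
                    continue
                for u in [u for u, v in archive.items() if dominates(m, v)]:
                    del archive[u]
                archive[t] = m
                added.append(t)
        frontier = [t for t in added if t in archive]   # expand survivors only
    return sorted((m, sorted(s)) for s, m in archive.items())


def all_sets():
    names = list(PATCHES)
    return [frozenset(c) for k in range(len(names) + 1)
            for c in combinations(names, k)]


def exact_front():
    """Brute force over all 2^n patch sets, used to check the search."""
    points = {s: metrics(s) for s in all_sets()}
    return sorted((m, sorted(s)) for s, m in points.items()
                  if not any(dominates(v, m) for v in points.values()))


def monotone():
    """Adding any patch to any set never increases a security metric."""
    return all(not any(x > y for x, y in zip(metrics(s | {p})[:2], metrics(s)[:2]))
               for s in all_sets() for p in PATCHES if p not in s)


if __name__ == "__main__":
    for m, s in pareto_descent():
        print(m, s)
    print("monotone:", monotone(), " matches brute force:",
          pareto_descent() == exact_front())
```

The descent expands only sets that are still non-dominated at the end of each round; on this instance it recovers the exact front, but on larger graphs a Pareto point may be reachable only through a dominated intermediate, which is why the abstract speaks of solutions near the front rather than the front itself.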

Data availability
The programs developed for this study generate all of the data shown in this article. There are no external dependencies.
Code Availability Statement
Not applicable.
Acknowledgements
The author wishes to acknowledge Dr. Junichi Iijima, Professor in the Department of International Digital and Design Management, School of Management, Tokyo University of Science, and Dr. Keisuke Tanaka, Professor in the Department of Mathematical and Computing Science, School of Computing, Tokyo Institute of Technology, for reviewing and providing constructive advice on the drafts of this article.
Funding
No funding was received for conducting this study.
Ethics declarations
Conflict of interest
The authors have no conflicts of interest to declare that are relevant to the content of this article.
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Cite this article
Zenitani, K. A multi-objective cost–benefit optimization algorithm for network hardening. Int. J. Inf. Secur. 21, 813–832 (2022). https://doi.org/10.1007/s10207-022-00586-7