Evgeny Sergeevich Abramov
ABSTRACT
Using attack graphs for the security analysis allows to consider the relationship of individual components and their security parameters. It gives more accurate data to assess the security of the system as a whole comparing with investigation of security properties of the individual nodes. This paper describes the calculation of attack graph, analyze the results and evaluate the effectiveness of existing countermeasures. The model allows dynamic routing, filtering on any network object, NAT. States in attack graph are detailed to confidentiality, integrity, availability triad. In constructing the attack graph takes into account both local and network vulnerability. The results of experimental evaluation of system performance presented. For the analysis of 10000 simulated hosts took an average time of about 100 seconds. The number of access control rules (from 500 to 4000 per simulated subnet) were chosen so that the maximum number of filtering rules for devices were about 1,000.
- ISO / IEC 15408--3:2009.Google Scholar
- Kyle Ingols, Matthew Chu, Richard Lippmann, Seth Webster, Stephen Boyer, "Modeling Modern Network Attacks and Countermeasures Using Attack Graphs," acsac, pp.117--126, 2009 Annual Computer Security Applications Conference, 2009. Google ScholarDigital Library
- 3.Sushil Jajodia, Steven Noel, "Topological Vulnerability Analysis", Advances in Information Security, 2010, Volume 46, Part 4, pp. 139--154.Google Scholar
- Common platform enumeration. MITRE. http://cpe.mitre.orgGoogle Scholar
- Common Vulnerability Scoring System. Forum of Incident Response and Security Teams, Common Vulnerability Scoring System-Special Interest Group. http://www.first.org/cvss/ .Google Scholar
- http://oval.mitre.org/language/interpreter.html .Google Scholar
- National Vulnerability Database. http://nvd.nist.gov/download.cfm .Google Scholar
- Official Common Platform Enumeration Dictionary. http://nvd.nist.gov/cpe.cfm .Google Scholar
- ISO / IEC 15408--1:2009.Google Scholar
- Evgeny Abramov, Denis Mordvin, and Oleg Makarevich. 2010. Automated method for constructing of network traffic filtering rules. In Proceedings of the 3rd international conference on Security of information and networks (SIN '10).ACM, New York, NY, USA, 203--211. DOI = 10.1145/1854099.1854141 http://doi.acm.org/10.1145/1854099.1854141 Google ScholarDigital Library
- Common Vulnerabilities and Exposures. MITRE. http://cve.mitre.org/ .Google Scholar
- L. Yuan et al., "FIREMAN: A toolkit for FIREwall modeling and ANalysis," in IEEE Symposium on Security and Privacy. IEEE Computer Society, 2006, pp. 199--213. Google ScholarDigital Library
- Corporate networks security evaluation based on attack graphs
Recommendations
From attack graph analysis to attack function analysis
AbstractAttack graph analysis is a model-based network-security analysis method. It generates and analyzes a directed graph called an attack graph. Each node corresponds to a malicious event caused by attackers, and the edges correspond to the causal ...
Highlights- Proposing to use attack functions as the single source of various attack graphs.
- An attack function is a monotonic mapping between sets of propositions.
- It enables the consistent mixture of different forms of attack graphs.
- It ...
A review of attack graph and attack tree visual syntax in cyber security
AbstractPerceiving and understanding cyber-attacks can be a difficult task, and more effective techniques are needed to aid cyber-attack perception. Attack modelling techniques (AMTs) - such as attack graphs, attack trees and fault trees, are ...
Interdicting attack graphs to protect organizations from cyber attacks
Today's organizations are inherently open and connected, sharing knowledge and ideas in order to remain innovative. As a result, these organizations are also more vulnerable to information theft through different forms of security breaches caused by ...
Comments