ABSTRACT
Binary particle swarm optimization (BPSO) is a technique widely used to solve combinatorial problems. In this paper, we propose a variant of BPSO to find most likely attack paths in an attack graph. The aim is to find an attack path with the highest attack probability and least path length. In such combinatorial optimization problem, the set of feasible solutions is usually discrete and an exhaustive search may lead to unnecessary examination of those segments of the search space, which are assured to not include a solution. The paper introduces the concept of bounding the solution space of BPSO. The minimum and maximum value of each objective called bound of the solution is computed. The search space of BPSO is restricted within these solution bounds and hence we name our approach as bounded binary particle swarm optimization (BBPSO). By bounding the solution space, those particles of BPSO which are guaranteed to be infeasible are not considered for feasibility check. Experimental results show that the proposed approach provide a 50 percent performance improvement as compared to the conventional BPSO.
- M. Abadi and S. Jalili. 2008. Using Binary Particle Swarm Optimization for Minimization Analysis of Large-scale Network Attack Graphs. In Scientia Iranica, Vol. 15. London, 605--619.Google Scholar
- Daniel Bilar. 2003. Quantitative Risk Analysis of Computer Networks. Ph.D. Dissertation. Hanover, NH, USA. AAI3114255. Google ScholarDigital Library
- E. W. Dijkstra. 1959. A Note on Two Problems in Connexion with Graphs. Numer. Math. 1, 1 (Dec. 1959), 269--271. Google ScholarDigital Library
- J. Kennedy and R. C. Eberhart. 1995. Particle Swarm Optimization. In International. Journal on Bio-Inspired Computation, Vol. 2. Perth, Australia, 1942--1948.Google Scholar
- J. Kennedy and R. C. Eberhart. 1997. A Discrete Binary Version of the Particle Swarm Algorithm. In IEEE International Conference on Systems, Man, and Cybernetics. Computational Cybernetics and Simulation, Vol. 5. 4104--4108 vol.5.Google Scholar
- D. E. Knuth. 1997. The Art of Computer Programming, Volume 1 (3rd Ed.): Fundamental Algorithms. Addison Wesley Longman Publishing Co., Inc., Redwood City, CA, USA. Google ScholarDigital Library
- R. Lippmann, K. Ingols, C. Scott, K. Piwowarski, K. Kratkiewicz, M. Artz, and R. Cunningham. 2006. Validating and Restoring Defense in Depth using Attack Graphs. In IEEE Conference on Military Communications (MILCOM). Google ScholarDigital Library
- M.Alhomidi and M.Reed. 2013. A Genetic Algorithm Approach for the Most Likely Attack Path Problem. In Availability, Reliability and Security (ARES) Eighth International Conference. Regensburg. Google ScholarDigital Library
- M.Alhomidi and M.Reed. 2013. Risk Assessment and Analysis through Population-based Attack Graph Modelling. In Internet Security (World- CIS) World Congress. London.Google ScholarCross Ref
- V. Mehta, C. Bartzis, H. Zhu, E. M. Clarke, and J.M.Wing. 2006. Ranking Attack Graphs. In Recent Advances in Intrusion Detection. Google ScholarDigital Library
- mnemonic. 2017. Security Report 2017. https://https://www.mnemonic.no/security_report/. (2017). Online; Accessed: July 2017.Google Scholar
- S. Noel and S. Jajodia. 2014. Metrics Suite for Network Attack Graph Analytics. In CISR@. 5--8. Google ScholarDigital Library
- J. Pamula, S. Jajodia, P. Ammann, and V. Swarup. 2006. A Weakest-Adversary Security Metric for Network Configuration Security Analysis. In 2nd ACM Workshop on Quality of Protection. Google ScholarDigital Library
- C. Phillips and L. P. Swiler. 1998. A Graph-based System for Network Vulnerability Analysis. In IProceedings of the Workshop on New Security Paradigms. New York, USA, 71--79. Google ScholarDigital Library
- O. Sheyner, J. Haines, S. Jha, R. Lippmann, and J. Wing. 2002. Automated Generation and Analysis of Attack Graphs. In Proceedings of the 2002 IEEE Symposium on Security and Privacy. Berkley, CA, USA, 273--284. Google ScholarDigital Library
- O. Sheyner and J. M. Wing. 2004. Tools for Generating and Analyzing Attack Graphs. In Proceedings of Workshop on Formal Methods for Components and Objects. 344--371.Google Scholar
- L. Wang, T. Islam, T. Long, A. Singhal, and S. Jajodia. 2008. An Attack Graph-Based Probabilistic Security Metric. In Proceeedings of the 22Nd Annual IFIP WG 11.3 Working Conference on Data and Applications Security. Springer-Verlag, Berlin, Heidelberg, 283--296. Google ScholarDigital Library
- S. Govindavajhala X. Ou and A. W. Appel. 2005. Mulval: A Logic-based Network Security Analyzer. In In Usenix security. Google ScholarDigital Library
Index Terms
- Using Bounded Binary Particle Swarm Optimization to Analyze Network Attack Graphs
Recommendations
An improved cooperative quantum-behaved particle swarm optimization
Particle swarm optimization (PSO) is a population-based stochastic optimization. Its parameters are easy to control, and it operates easily. But, the particle swarm optimization is a local convergence algorithm. Quantum-behaved particle swarm ...
An enhanced particle swarm optimization with levy flight for global optimization
Enhanced PSO with levy flight.Random walk of the particles.High convergence rate.Provides solution accuracy and robust. Hüseyin Haklı and Harun Uguz (2014) proposed a novel approach for global function optimization using particle swarm optimization with ...
Cellular particle swarm optimization
This paper proposes a cellular particle swarm optimization (CPSO), hybridizing cellular automata (CA) and particle swarm optimization (PSO) for function optimization. In the proposed CPSO, a mechanism of CA is integrated in the velocity update to modify ...
Comments