A Framework for Unified Network Security Management: Identifying and Tracking Security Threats on Converged Networks
A comprehensive network security management system must coordinate detection and scanning tools for converged networks; derive fully-integrated attack and network models; perform vulnerability and multi-stage attack analysis; support large-scale attack visualization; and possibly orchestrate strategic responses to unwarranted actions that cross network boundaries. We present an architecture that embodies these principles. The unified network security management system described in this paper gleans data from a suite of detection tools for various networking domains. Aggregate real-time network data supplies a comprehensive modeling framework used for further analysis, correlation, and visualization. The resulting system not only provides network administrators with a heads-up cockpit display of their entire network, it also supports guided response and predictive capabilities for multi-stage attacks in converged networks.
Keywords: Converged networks, security architecture, network modeling, attack visualization, attack management