Advertisement

Experiments with Simulation of Attacks against Computer Networks

  • I. Kotenko
  • E. Man’kov
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2776)

Abstract

The paper describes implementation issues of and experiments with the software tool “Attack Simulator” intended for active assessment of computer networks vulnerability at the stages of design and deployment. The suggested approach is based on malefactor’s intention modeling, ontology-based attack structuring and state machines specification of attack scenarios. The paper characterizes a generalized agent-based architecture of Attack Simulator. The generation of attacks against computer network model and real computer network is analyzed. The experiments demonstrating efficiency of Attack Simulator in generating various attacks scenarios against computer networks with different configurations and security policies are considered.

Keywords

Computer Network Intrusion Detection Security Policy Attack Scenario Attack Modeling 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Chi, S.-D., Park, J.S., Jung, K.-C., Lee, J.-S.: Network Security Modeling and Cyber Attack Simulation Methodology. In: Varadharajan, V., Mu, Y. (eds.) ACISP 2001. LNCS, vol. 2119, p. 320. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  2. 2.
    Cohen, F.: Simulating Cyber Attacks, Defenses, and Consequences. In: IEEE Symposium on Security and Privacy, Berkeley, CA (1999)Google Scholar
  3. 3.
    Dawkins, J., Campbell, C., Hale, J.: Modeling network attacks: Extending the attack tree paradigm. In: Workshop on Statistical and Machine Learning Techniques in Computer Intrusion Detection. Johns Hopkins University, Baltimore (2002)Google Scholar
  4. 4.
    Durst, R., Champion, T., Witten, B., Miller, E., Spanguolo, L.: Testing and evaluating computer intrusion detection systems. Communications of ACM 42(7) (1999)Google Scholar
  5. 5.
    Goldman, R.P.: A Stochastic Model for Intrusions. In: Wespi, A., Vigna, G., Deri, L. (eds.) RAID 2002. LNCS, vol. 2516, p. 199. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  6. 6.
    Gorodetski, V., Karsayev, O., Kotenko, I., Khabalov, A.: Software Development Kit for Multi-agent Systems Design and Implementation. In: Dunin-Keplicz, B., Nawarecki, E. (eds.) CEEMAS 2001. LNCS (LNAI), vol. 2296, p. 121. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  7. 7.
    Gorodetski, V., Kotenko, I.: Attacks against Computer Network: Formal Grammar-based Framework and Simulation Tool. In: Wespi, A., Vigna, G., Deri, L. (eds.) RAID 2002. LNCS, vol. 2516, p. 219. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  8. 8.
    Howard, J.D., Longstaff, T.A.: A Common Language for Computer Security Incidents, SANDIA REPORT, SAND98-8667 (1998)Google Scholar
  9. 9.
    Householder, A., Houle, K., Dougherty, C.: Computer Attack Trends Challenge Internet Security. IEEE Security & Privacy magazine, New Challenges, New Thinking (April 2002)Google Scholar
  10. 10.
    Kemmerer, R.A., Vigna, G.: NetSTAT: A network-based intrusion detection approach. In: Proceedings of the 14th Annual Computer Security Applications Conference, Scottsdale, Arizona (1998)Google Scholar
  11. 11.
    Kotenko, I.: Teamwork of Hackers-Agents: Modeling and Simulation of Coordinated Distributed Attacks on Computer Networks. In: Mařík, V., Müller, J.P., Pěchouček, M. (eds.) CEEMAS 2003. LNCS (LNAI), vol. 2691, p. 464. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  12. 12.
    Kumar, S., Spafford, E.H.: An Application of Pattern Matching in Intrusion Detection. Technical Report CSDTR 94 013. Purdue University. West Lafayette (1994)Google Scholar
  13. 13.
    Lippmann, R., Haines, J.W., Fried, D.J., Korba, J., Das, K.: The 1999 DARPA off-line intrusion detection evaluation. In: Debar, H., Mé, L., Wu, S.F. (eds.) RAID 2000. LNCS, vol. 1907, p. 162. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  14. 14.
    Moitra, S.D., Konda, S.L.: A Simulation Model for Managing Survivability of Networked Information Systems, Technical Report CMU/SEI-2000-TR-020 ESC-TR-2000-020 (2000)Google Scholar
  15. 15.
    Moore, A.P., Ellison, R.J., Linger, R.C.: Attack Modeling for Information Security and Survivability. Technical Note CMU/SEI-2001-TN-001. Survivable Systems (2001)Google Scholar
  16. 16.
    Ritchey, R.W., Ammann, P.: Using model checking to analyze network vulnerabilities. In: Proceedings of IEEE Computer Society Symposium on Security and Privacy (2000)Google Scholar
  17. 17.
    Schneier, B.: Attack Trees: Modeling Security Threats. Dr. Dobb’s Journal (December 1999)Google Scholar
  18. 18.
    Sheyner, O., Haines, J., Jha, S., Lippmann, R., Wing, J.M.: Automated generation and analysis of attack graphs. In: Proceedings of the IEEE Computer Society Symposium on Security and Privacy (2002)Google Scholar
  19. 19.
    Stewart, A.J.: Distributed Metastasis: A Computer Network Penetration Methodology. Phrack Magazine 9(55) (1999)Google Scholar
  20. 20.
    Swiler, L., Phillips, C., Ellis, D., Chakerian, S.: Computer-attack graph generation tool. In: Proceedings DISCEX 2001 (2001)Google Scholar
  21. 21.
    Templeton, S.J., Levitt, K.: A Requires/Provides Model for Computer Attacks. In: Proceedings of the New Security Paradigms Workshop (2000)Google Scholar
  22. 22.
    Vigna, G., Eckmann, S.T., Kemmerer, R.A.: Attack Languages. In: Proceedings of the IEEE Information Survivability Workshop, Boston (2000)Google Scholar
  23. 23.
    Yuill, J., Wu, F., Settle, J., Gong, F., Forno, R., Huang, M., Asbery, J.: Intrusion-detection for incident-response, using a military battlefield-intelligence process. In: Computer Networks, vol. 34 (2000)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • I. Kotenko
    • 1
  • E. Man’kov
    • 1
  1. 1.St.-Petersburg Institute for Informatics and AutomationRussia

Personalised recommendations