Abstract
A successful computer system intrusion often results from an attacker combining exploits of individual vulnerabilities. This can be modelled by attack models and attack graphs, which provide a global view of system security against an attacker's goal. However, as the size and complexity of attack models and attack graphs usually greatly exceed the human ability to visualize, understand and analyze them, a scheme is required to identify their important portions. In a previous scheme, Mehta et al. proposed ranking the states of an attack model by the probability of an adversary reaching a state through a sequence of exploits of individual vulnerabilities. Important portions can hence be identified by the ranks of states. However, Mehta et al.'s ranking scheme is based on the PageRank algorithm, which models a web surfing scenario, and gives little consideration to the dissimilarity between web surfing scenarios and computer system intrusion scenarios. In this paper, we extend Mehta et al.'s scheme by taking this dissimilarity into consideration. We experiment with the same network model used in Mehta et al.'s scheme and compare the results. The experiments yielded promising results, demonstrating consistent ranks across the varying parameters modelled by our ranking scheme.
This work is partially supported by Cooperative Research Center - Smart Internet Technology (CRC-SIT), Australia.
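The abstract describes ranking attack-model states by the probability that an adversary reaches them, computed PageRank-style. The sketch below is an added example, not code from this paper or from Mehta et al.: it runs a damped random walk over a small constructed attack model and compares two restart rules, the web-surfing rule (jump to any state uniformly) and an intrusion-style rule (start again from the initial state). The state names, the damping value and both restart rules are assumptions chosen for illustration.

```python
# Constructed attack model (hypothetical sample data): states are attacker
# footholds, edges are single-exploit transitions between them.
TRANSITIONS = {
    "internet":  ["web_user", "mail_user"],
    "web_user":  ["web_root"],
    "mail_user": ["web_user", "db_user"],
    "web_root":  ["db_user", "db_root"],
    "db_user":   ["db_root"],
    "db_root":   [],  # goal state: no outgoing transitions
}
INITIAL = "internet"

def uniform_restart(transitions):
    """Web-surfing assumption: a restart lands on any state with equal odds."""
    return {s: 1.0 / len(transitions) for s in transitions}

def initial_restart(transitions, initial):
    """Intrusion-style assumption: a restart always begins at the entry state."""
    return {s: 1.0 if s == initial else 0.0 for s in transitions}

def rank_states(transitions, restart, damping=0.85, tol=1e-12, max_iter=10_000):
    """Stationary probability of each state for a walk that follows a uniformly
    chosen transition with probability `damping`, otherwise jumps according to
    `restart`. States without outgoing transitions always jump."""
    rank = {s: restart.get(s, 0.0) for s in transitions}
    for _ in range(max_iter):
        nxt = {s: 0.0 for s in transitions}
        jump_mass = 0.0
        for s, out in transitions.items():
            if out:
                for t in out:
                    nxt[t] += damping * rank[s] / len(out)
                jump_mass += (1.0 - damping) * rank[s]
            else:
                jump_mass += rank[s]
        for s in transitions:
            nxt[s] += jump_mass * restart.get(s, 0.0)
        delta = sum(abs(nxt[s] - rank[s]) for s in transitions)
        rank = nxt
        if delta < tol:
            break
    return rank

def ordered(rank):
    """State names from highest to lowest rank."""
    return sorted(rank, key=rank.get, reverse=True)

if __name__ == "__main__":
    for label, restart in (("uniform restart", uniform_restart(TRANSITIONS)),
                           ("restart at initial state", initial_restart(TRANSITIONS, INITIAL))):
        ranks = rank_states(TRANSITIONS, restart)
        print(label, [(s, round(ranks[s], 4)) for s in ordered(ranks)])
```

On this model the uniform rule ranks the entry state last, while the restart-at-initial rule ranks it first, so the choice of restart assumption changes which states an analyst would look at first.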
References
NuSMV: a new symbolic model checker, http://nusmv.irst.itc.it/
Ng, A.Y., Zheng, A.X., Jordan, M.I.: Link analysis, eigenvectors and stability. In: Proceedings of International Conference on Research and Development in Information Retrieval (SIGIR 2001), ACM Press, New York (2001)
AT&T Research, http://www.graphviz.org/
Madan, B.B., Popstojanova, K.G., Vaidyanathan, K., Trivedi, K.S.: A method for modeling and quantifying the security attributes of intrusion tolerant systems. In: Dependable Systems and Networks-Performance and Dependability Symposium, pp. 167–186 (2004)
Phillips, C.A., Swiler, L.P.: A graph based system for network vulnerability analysis. In: Proceedings of the DARPA Information Survivability Conference and Exposition (2000)
Golub, G.H., Loan, V.: Matrix computation. The Johns Hopkins University Press, Baltimore (1993)
Dawkins, J., Hale, J.: A systematic approach to multi-stage network attack analysis. In: Proceedings of the Second IEEE International Information Assurance Workshop (2004)
Bianchini, M., Gori, M., Scarselli, F.: Inside PageRank. ACM Transactions on Internet Technology 5(1), 92–118 (2001)
Dacier, M., Deswarte, Y., Kaaniche, M.: Quantitative assessment of operational security: Models and tools. Technical Report 96493, LAAS (May 1996)
Sheyner, O., Haines, J., Jha, S., Lippmann, R., Wing, J.: Automated generation and analysis of attack graphs. In: Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA (May 2002)
Deswarte, Y., Ortalo, R., Kaaniche, M.: Experimenting with quantitative evaluation tools for monitoring operational security. Software Engineering 25(5), 633–650 (1999)
Ortalo, R., Deswarte, Y., Kaaniche, M.: Experimenting with quantitative evaluation tools for monitoring operational security. IEEE Transactions on Software Engineering, 71–79 (1999)
Brin, S., Page, L., Motwani, R., Winograd, T.: The PageRank citation ranking: Bringing order to the Web. Technical Report 1999-66, Stanford University (1999)
Jha, S., Wing, J.: Survivability analysis of networked systems. In: 23rd International Conference on Software Engineering (ICSE’01), pp. 307–317 (2001)
Jha, S., Sheyner, O., Wing, J.: Two Formal Analyses of Attack Graphs. In: 15th IEEE Computer Security Foundations Workshop (CSFW’02), p. 49. IEEE Computer Society Press, Los Alamitos (2002)
Mehta, V., Bartzis, C., Zhu, H., Clarke, E., Wing, J.M.: Ranking Attack Graphs. In: Zamboni, D., Krügel, C. (eds.) RAID 2006. LNCS, vol. 4219, pp. 127–144. Springer, Heidelberg (2006)
Copyright information
© 2007 Springer Berlin Heidelberg
About this paper
Cite this paper
Lu, L., Safavi-Naini, R., Horton, J., Susilo, W. (2007). An Adversary Aware and Intrusion Detection Aware Attack Model Ranking Scheme. In: Katz, J., Yung, M. (eds) Applied Cryptography and Network Security. ACNS 2007. Lecture Notes in Computer Science, vol 4521. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-72738-5_5
DOI: https://doi.org/10.1007/978-3-540-72738-5_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-72737-8
Online ISBN: 978-3-540-72738-5
eBook Packages: Computer Science, Computer Science (R0)