Abstract
Over the past decade, computer networks have developed dramatically. With the increased reliance and dependency on computer networks, security threats to these networks have increased substantially. Therefore, securing the network against attempted intrusions and actual attacks has become a more frequent and widespread concern. Present-day networks are vulnerable to multi-stage, multi-host attacks, which combine the vulnerabilities existing on different machines and cause more damage. One of the tools for analyzing security vulnerabilities in enterprise networks is the attack graph. An attack graph consists of a number of attack paths, each of which is a chain of exploits that an attacker utilizes during the different stages of an attack. Each exploit in the series satisfies the pre-conditions of the subsequent exploits, establishing a cause-effect relationship among them. An attack graph is a complete graph used to correlate multi-stage, multi-host attacks and to represent various attack scenarios. One of the intrinsic problems with generating such a full attack graph is its scalability. In this chapter, a novel approach based on an artificial intelligence technique, called a planner, is reported for the scalable representation of attack graphs. A planner is a special-purpose search algorithm for finding solutions within a large state space, and it does not suffer from the state-space explosion problem. A case study is also presented to demonstrate the efficacy of the approach.
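To make the planner idea concrete, the following is an added example (not code from the chapter or its authors) of the two mechanisms the abstract describes: exploits modelled as STRIPS-style actions whose post-conditions satisfy the pre-conditions of later exploits, and a planner that searches forward only through reachable attacker states instead of materialising the whole attack graph. The hosts (h0, h1, h2, h3), vulnerability labels and exploit names are a constructed toy model; a defender-side helper then asks which single vulnerability removal severs every path to the goal.

```python
from collections import deque
from dataclasses import dataclass
from typing import FrozenSet, Iterable, List, Optional, Tuple


@dataclass(frozen=True)
class Exploit:
    """One exploit template: a STRIPS-style action with pre- and post-conditions."""
    name: str
    pre: FrozenSet[str]   # facts that must hold before the exploit can be applied
    post: FrozenSet[str]  # facts (privileges, reachability) the attacker gains


def ex(name: str, pre: Iterable[str], post: Iterable[str]) -> Exploit:
    return Exploit(name, frozenset(pre), frozenset(post))


# Constructed toy enterprise: attacker host h0, DMZ web server h1, internal DB server h2.
# Every host name, vulnerability label and exploit name below is hypothetical.
EXPLOITS: Tuple[Exploit, ...] = (
    ex("remote_web_exploit_h1", {"reach(h0,h1)", "vuln(h1,web)"}, {"user(h1)"}),
    ex("local_privesc_h1", {"user(h1)", "vuln(h1,local)"}, {"root(h1)"}),
    ex("pivot_h1_to_h2", {"root(h1)", "trust(h1,h2)"}, {"reach(h1,h2)"}),
    ex("remote_db_exploit_h2", {"reach(h1,h2)", "vuln(h2,db)"}, {"root(h2)"}),
    # Dead-end branch: reachable, but it never contributes to the goal.
    ex("ftp_exploit_h1", {"user(h1)", "vuln(h1,ftp)"}, {"user(h3)"}),
)

# Initial network state: connectivity, trust relationships and known vulnerabilities.
INITIAL: FrozenSet[str] = frozenset({
    "reach(h0,h1)", "vuln(h1,web)", "vuln(h1,local)", "vuln(h1,ftp)",
    "trust(h1,h2)", "vuln(h2,db)",
})
GOAL: FrozenSet[str] = frozenset({"root(h2)"})


def plan(initial: FrozenSet[str], goal: FrozenSet[str],
         exploits: Iterable[Exploit]) -> Tuple[Optional[List[str]], int]:
    """Breadth-first forward search over reachable attacker states.

    Returns (attack_path, states_discovered). attack_path is the shortest chain of
    exploit names reaching the goal, or None if the goal is unreachable. Only states
    actually reachable from `initial` are ever created, which is what keeps the
    search small compared with enumerating a full attack graph.
    """
    start = frozenset(initial)
    parent = {start: None}  # state -> (previous state, exploit that produced it)
    queue = deque([start])
    while queue:
        state = queue.popleft()
        if goal <= state:
            path = []
            while parent[state] is not None:
                state, name = parent[state]
                path.append(name)
            return list(reversed(path)), len(parent)
        for e in exploits:
            # Applicable if its pre-conditions hold and it still gains something new.
            if e.pre <= state and not e.post <= state:
                nxt = state | e.post
                if nxt not in parent:
                    parent[nxt] = (state, e.name)
                    queue.append(nxt)
    return None, len(parent)


def hardening_candidates(initial: FrozenSet[str], goal: FrozenSet[str],
                         exploits: Iterable[Exploit]) -> List[str]:
    """Defender's question: which single vulnerability, if fixed, cuts every path to the goal?"""
    cuts = []
    for fact in sorted(initial):
        if not fact.startswith("vuln("):
            continue
        path, _ = plan(initial - {fact}, goal, exploits)
        if path is None:
            cuts.append(fact)
    return cuts


if __name__ == "__main__":
    path, explored = plan(INITIAL, GOAL, EXPLOITS)
    print("attack path:", " -> ".join(path) if path else None)
    print("states discovered by planner:", explored)
    print("single fixes that remove the path:", hardening_candidates(INITIAL, GOAL, EXPLOITS))
```

The planner returns one four-step attack path and discovers only eight states for this model; the full attack graph would have to represent every reachable state and transition, including the dead-end FTP branch at each stage. The hardening helper shows the defensive use of the same model: patching the FTP flaw changes nothing, whereas fixing any of the web, local-privilege or database vulnerabilities severs the chain.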
© 2010 Springer-Verlag Berlin Heidelberg
Ghosh, N., Ghosh, S.K. (2010). An Intelligent Approach for Security Management of an Enterprise Network Using Planner. In: Pratihar, D.K., Jain, L.C. (eds) Intelligent Autonomous Systems. Studies in Computational Intelligence, vol 275. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-11676-6_9
DOI: https://doi.org/10.1007/978-3-642-11676-6_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-11675-9
Online ISBN: 978-3-642-11676-6