
Effective Network Vulnerability Assessment through Model Abstraction

  • Conference paper
Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA 2011)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 6739)

Abstract

A significant challenge in evaluating network security stems from the scale of modern enterprise networks and the vast number of vulnerabilities regularly found in software applications. A common technique to deal with this complexity is attack graphs, where a tool automatically computes all possible ways a system can be broken into by analyzing the configuration of each host, the network, and the discovered vulnerabilities. Past work has proposed methodologies that post-process “raw” attack graphs so that the result can be abstracted and becomes easier for a human user to grasp. We notice that, while visualization is a major problem caused by the multitude of attack paths in an attack graph, a more severe problem is the distorted risk picture it renders to both human users and quantitative vulnerability assessment models. We propose that abstraction be done before attack graphs are computed, instead of after. This way we can prevent the distortion in quantitative vulnerability assessment metrics, at the same time improving visualization as well. We developed an abstract network model generator that, given reachability and configuration information of a network, provides an abstracted model with much more succinct information about the system than the raw model. The model is generated by grouping hosts based on their network reachability and vulnerability information, as well as grouping vulnerabilities with similar exploitability. We show that the attack graphs generated from this type of abstracted inputs are not only much smaller, but also provide more realistic quantitative vulnerability metrics for the whole system. We conducted experiments on both synthesized and production systems to demonstrate the effectiveness of our approach.
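The abstract names two grouping steps (hosts merged by reachability plus vulnerability information, vulnerabilities merged by similar exploitability) and claims that raw attack graphs distort quantitative metrics. The script below is an added illustration of both points; it is not the authors' model generator and is not code from the paper. Host names, vulnerability ids, CVSS vectors and the naive "independent paths" probability metric are all constructed for this example. The CVSS v2 weights are the ones from the v2 specification.

```python
"""Illustration of abstracting attack-graph input before graph generation.

Added example, not the paper's code. The network, the vulnerability ids
and the toy probability metric are constructed for this demonstration.
"""
from collections import defaultdict
from dataclasses import dataclass

# CVSS v2 base-metric weights (from the v2 specification).
# Exploitability subscore = 20 * AV * AC * Au.
_AV = {"L": 0.395, "A": 0.646, "N": 1.0}
_AC = {"H": 0.35, "M": 0.61, "L": 0.71}
_AU = {"M": 0.45, "S": 0.56, "N": 0.704}


def cvss2_exploitability(vector: str) -> float:
    """Exploitability subscore for a CVSS v2 vector such as 'AV:N/AC:L/Au:N'."""
    m = dict(part.split(":") for part in vector.split("/"))
    return round(20 * _AV[m["AV"]] * _AC[m["AC"]] * _AU[m["Au"]], 1)


@dataclass(frozen=True)
class Host:
    name: str
    reach_in: frozenset   # (source_zone, port) pairs that can reach this host
    reach_out: frozenset  # zones this host can initiate connections to
    vulns: frozenset      # vulnerability ids present on the host


def group_vulns(vuln_vectors: dict) -> dict:
    """Map each vulnerability id to an exploitability class.

    Vulnerabilities with the same (AV, AC, Au) triple, and hence the same
    CVSS v2 exploitability subscore, fall into one class.
    """
    return {vid: "exp%.1f" % cvss2_exploitability(vec)
            for vid, vec in vuln_vectors.items()}


def abstract_hosts(hosts, vuln_class: dict) -> dict:
    """Merge hosts an attacker cannot tell apart.

    Two hosts share a group when they have the same inbound reachability,
    the same outbound reachability and the same set of vulnerability
    classes. Returns {signature: [member host names]}.
    """
    groups = defaultdict(list)
    for h in hosts:
        sig = (h.reach_in, h.reach_out, frozenset(vuln_class[v] for v in h.vulns))
        groups[sig].append(h.name)
    return dict(groups)


def naive_compromise_probability(n_paths: int, p_exploit: float) -> float:
    """Toy metric: n_paths independent attack paths, each succeeding with p.

    This is the kind of per-path aggregation that inflates when a raw graph
    contains one path per identical host.
    """
    return 1 - (1 - p_exploit) ** n_paths


def build_sample():
    """Constructed sample network; ids are hypothetical, not real CVEs."""
    vuln_vectors = {
        "WEB-RCE-A": "AV:N/AC:L/Au:N",   # remote, no auth, low complexity
        "WEB-RCE-B": "AV:N/AC:L/Au:N",   # different bug, same exploitability
        "DB-PRIV":   "AV:N/AC:M/Au:S",
        "ADMIN-LPE": "AV:L/AC:L/Au:N",
    }
    web_in = frozenset({("internet", 443)})
    hosts = []
    for i in range(40):
        # Alternate between the two web bugs; they still form one class.
        vuln = "WEB-RCE-A" if i % 2 == 0 else "WEB-RCE-B"
        hosts.append(Host(f"web{i:02d}", web_in, frozenset({"dbzone"}),
                          frozenset({vuln})))
    hosts.append(Host("db01", frozenset({("dmz", 3306)}), frozenset(),
                      frozenset({"DB-PRIV"})))
    hosts.append(Host("admin01", frozenset({("corp", 22)}), frozenset({"dmz"}),
                      frozenset({"ADMIN-LPE"})))
    return hosts, vuln_vectors


def demo(p_exploit: float = 0.3) -> dict:
    """Compare raw and abstracted model size and the toy metric on each."""
    hosts, vuln_vectors = build_sample()
    groups = abstract_hosts(hosts, group_vulns(vuln_vectors))
    entry = ("internet", 443)
    raw_paths = sum(entry in h.reach_in for h in hosts)     # one per web host
    abs_paths = sum(entry in sig[0] for sig in groups)      # one per web group
    return {
        "raw_hosts": len(hosts),
        "abstract_groups": len(groups),
        "raw_entry_paths": raw_paths,
        "abstract_entry_paths": abs_paths,
        "raw_metric": round(naive_compromise_probability(raw_paths, p_exploit), 6),
        "abstract_metric": round(naive_compromise_probability(abs_paths, p_exploit), 6),
    }


if __name__ == "__main__":
    print(demo())
```

On the constructed input, 42 hosts collapse to 3 groups and 40 internet-facing attack paths collapse to 1. The toy metric reports near-certain compromise on the raw model (40 "independent" chances at what is really one exploit against one configuration) but 0.3 on the abstracted one, which is the distortion the abstract attributes to post-hoc aggregation.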




Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Zhang, S., Ou, X., Homer, J. (2011). Effective Network Vulnerability Assessment through Model Abstraction. In: Holz, T., Bos, H. (eds) Detection of Intrusions and Malware, and Vulnerability Assessment. DIMVA 2011. Lecture Notes in Computer Science, vol 6739. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-22424-9_2


  • DOI: https://doi.org/10.1007/978-3-642-22424-9_2

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-22423-2

  • Online ISBN: 978-3-642-22424-9
