NETWORK SECURITY EVALUATION BASED ON SIMULATION OF MALFACTOR’S BEHAVIOR

Igor Kotenko, Mikhail Stepashkin

2006

Abstract

An approach to computer network security analysis, intended for use at both the design and exploitation stages, is suggested. The approach is based on simulating the malefactor’s behavior, generating common attack graphs and calculating different security metrics. The graph represents possible attack scenarios, taking into account the network configuration, the security policy, and the malefactor’s locations, knowledge level and strategy. The security metrics describe computer network security at different levels of detail and take into account various aspects of security. The attack scenario model, the procedures for building the common attack graph, the security metrics used, and the general security level evaluation are defined. The implemented version of the security analysis system is described, and examples of express evaluations of the security level are considered.



Paper Citation


in Harvard Style

Kotenko I. and Stepashkin M. (2006). NETWORK SECURITY EVALUATION BASED ON SIMULATION OF MALFACTOR’S BEHAVIOR. In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2006) ISBN 978-972-8865-63-4, pages 339-344. DOI: 10.5220/0002102803390344


in Bibtex Style

@conference{secrypt06,
author={Igor Kotenko and Mikhail Stepashkin},
title={NETWORK SECURITY EVALUATION BASED ON SIMULATION OF MALFACTOR’S BEHAVIOR},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2006)},
year={2006},
pages={339-344},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002102803390344},
isbn={978-972-8865-63-4},
}

