A stochastic model of maliciel process attack for the evaluation of network security

To trust a computer system that is supposed to be secure, it is necessary to predict the degree to which the system's security level can be achieved when operating in a specific environment under attacks. This paper focuses on how to model the progression of an attack process over time, and we propose a stochastic model based on Markov chains. The basic assumption of our model is that the time parameter plays the essential role in capturing the nature of an attack process. In practice, the attack process will terminate successfully, possibly after a number of unsuccessful attempts. What matters, then, is estimating how long the attack takes to carry out. The proposed stochastic model is parameterized by suitable time distributions describing the attacker's actions and the system's reactions over time. For this purpose, probability distribution functions are defined and assigned to the transitions of the model to characterize the temporal aspects of attacker and system behavior. The proposed method shows a systematic development, for attack process modeling, of the stochastic modeling techniques and concepts frequently used in the area of dependability evaluation.
