Optimal Network Security Hardening Using Attack Graph Games

Preventing attacks in a computer network is the core problem in network security. We introduce a new game-theoretic model of the interaction between a network administrator who uses limited resources to harden a network and an attacker who follows a multi-stage plan to attack the network. The possible plans of the attacker are compactly represented using attack graphs, while the defender adds fake targets (honeypots) to the network to deceive the attacker. The compact representation of the attacker's strategies presents a computational challenge, and finding the best response of the attacker is NP-hard. We present a solution method that first translates an attack graph into an MDP and then solves it using policy search with a set of pruning techniques. We present an empirical evaluation of the model and solution algorithms, evaluating scalability, the types of solutions that are generated for realistic cases, and sensitivity analysis.
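The following is an added toy illustration of the model sketched in the abstract; it is not code from the paper or its authors. It encodes a small AND/OR attack graph as an attacker MDP (state = facts gained plus exploits already attempted), computes the attacker's best response exactly by memoised recursion instead of the paper's policy search with pruning, and then lets the defender brute-force the honeypot placement within a budget that minimises the attacker's expected utility. The graph, the success probabilities, costs and reward, the host names, and the rule that an exploit aimed at a host mirrored by k honeypots lands on a honeypot with probability k/(k+1) are all constructed assumptions for this example.

```python
"""Toy attack-graph game: honeypot placement against an attacker modelled as an MDP.

Added illustration, not the paper's code.  Assumptions (constructed here): an AND/OR
attack graph of facts and exploit actions; an attacker who plays the MDP optimally,
paying a cost per attempt and earning a reward when a goal fact is reached; honeypots
that mirror a host so that an exploit aimed at that host lands on a honeypot with
probability k/(k+1) when k honeypots copy it, which ends the attack.
"""
from dataclasses import dataclass
from functools import lru_cache
from itertools import combinations_with_replacement
from typing import Dict, FrozenSet, Optional, Sequence, Tuple


@dataclass(frozen=True)
class Exploit:
    name: str
    host: str             # host the exploit is aimed at (where a honeypot could sit)
    pre: FrozenSet[str]   # facts required before the exploit can be attempted (AND)
    post: str             # fact gained on success
    p: float              # success probability
    cost: float           # attacker's cost of one attempt


# Constructed sample graph: two entry paths that both end at the database host.
EXPLOITS: Tuple[Exploit, ...] = (
    Exploit("phish_user", "workstation", frozenset({"internet"}), "user_ws", 0.6, 2.0),
    Exploit("web_rce", "webserver", frozenset({"internet"}), "shell_web", 0.5, 3.0),
    Exploit("ws_to_db", "dbserver", frozenset({"user_ws"}), "admin_db", 0.7, 4.0),
    Exploit("web_to_db", "dbserver", frozenset({"shell_web"}), "admin_db", 0.8, 4.0),
)
GOAL_REWARD: Dict[str, float] = {"admin_db": 50.0}   # constructed reward for the goal fact
HOSTS: Tuple[str, ...] = ("workstation", "webserver", "dbserver")


def attacker_value(exploits: Sequence[Exploit], rewards: Dict[str, float],
                   honeypots: Dict[str, int],
                   start: FrozenSet[str] = frozenset({"internet"})) -> Tuple[float, Optional[str]]:
    """Exact value of the attacker's MDP under a given honeypot placement.

    Facts and the set of attempted exploits only grow, so the state space is a DAG and
    memoised recursion is exact.  The attacker may stop at any point (value 0); landing
    on a honeypot ends the attack after the cost has been paid.
    Returns (expected utility, name of the optimal first exploit, or None for "stop").
    """
    policy: Dict[Tuple[FrozenSet[str], FrozenSet[str]], Optional[str]] = {}

    @lru_cache(maxsize=None)
    def value(facts: FrozenSet[str], used: FrozenSet[str]) -> float:
        best, best_action = 0.0, None          # stopping is always available
        for e in exploits:
            if e.name in used or e.post in facts or not e.pre <= facts:
                continue
            k = honeypots.get(e.host, 0)
            detect = k / (k + 1)                # assumption: honeypots are indistinguishable copies
            used2 = used | {e.name}
            on_success = rewards.get(e.post, 0.0) + value(facts | {e.post}, used2)
            on_failure = value(facts, used2)
            q = -e.cost + (1.0 - detect) * (e.p * on_success + (1.0 - e.p) * on_failure)
            if q > best:
                best, best_action = q, e.name
        policy[(facts, used)] = best_action
        return best

    v = value(start, frozenset())
    return v, policy[(start, frozenset())]


def best_placement(exploits: Sequence[Exploit], rewards: Dict[str, float],
                   hosts: Sequence[str], budget: int) -> Tuple[float, Dict[str, int]]:
    """Defender's side: enumerate every honeypot placement within the budget and keep the
    one that minimises the attacker's expected utility (brute force; fine for a toy graph)."""
    best_v, best_hp = attacker_value(exploits, rewards, {})[0], {}
    for k in range(1, budget + 1):
        for combo in combinations_with_replacement(hosts, k):
            hp = {h: combo.count(h) for h in set(combo)}
            v, _ = attacker_value(exploits, rewards, hp)
            if v < best_v - 1e-9:
                best_v, best_hp = v, hp
    return best_v, best_hp


if __name__ == "__main__":
    v0, a0 = attacker_value(EXPLOITS, GOAL_REWARD, {})
    print(f"no honeypots: attacker value {v0:.2f}, first exploit {a0}")
    for budget in (1, 2):
        v, hp = best_placement(EXPLOITS, GOAL_REWARD, HOSTS, budget)
        print(f"budget {budget}: place {hp} -> attacker value {v:.2f}")
```

On the sample graph the undefended attacker expects 25.3 and opens with phishing; a single honeypot is best spent mirroring the database host, which both attack paths must pass through, and cuts the attacker's expected utility to 8.55. The exhaustive enumeration used here is exactly what does not scale to realistic attack graphs, which is why the paper resorts to policy search with pruning for the attacker's best response.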
