A Method for Estimation of the Success Probability of an Intrusion Process by Considering the Temporal Aspects of the Attacker Behavior

The aim is to propose a new approach to stochastic modeling of an intrusion process and to quantitative evaluation of the probability of attacker success. Many security analyses need the probability that an attacker succeeds in an intrusion process. In the proposed method, the intrusion process is decomposed into elementary attack phases. In each atomic phase the attacker and the system interact, and this interaction can move the system from its current state to a secure state or a failure state. The intrusion process is modeled as a semi-Markov chain (SMC). The distribution functions assigned to the SMC transitions are linear combinations of uniform distributions; these mixture distributions represent the time the attacker or the system spends in the transient states. To evaluate the security measure, the SMC is converted into a discrete-time Markov chain (DTMC), the resulting DTMC is analyzed, and the probability of attacker success is computed from mathematical theorems. The desired security measure is thus evaluated with respect to the temporal aspects of the attacker behavior.
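The SMC-to-DTMC evaluation described above, as an added sketch that is not the paper's own algorithm. It assumes each phase is a race between an attacker time and a system response time (each a mixture of uniforms), that the DTMC transition probability is P(T_att < T_sys), and that success means absorption in the failure state; all names, the fallback rule and the sample values are constructed.

```python
from fractions import Fraction as F

def p_less(x, y):
    """Exact P(X < Y) for independent X ~ U(a, b), Y ~ U(c, d)."""
    (a, b), (c, d) = x, y
    def G(t):  # integral of X's CDF from -infinity to t
        if t <= a:
            return F(0)
        if t <= b:
            return F((t - a) ** 2, 2 * (b - a))
        return F(b - a, 2) + (t - b)
    return (G(d) - G(c)) / (d - c)

def attacker_wins(att, dfn):
    """Mixtures are lists of (weight, (low, high)); returns P(T_att < T_sys)."""
    return sum(w * v * p_less(u, s) for w, u in att for v, s in dfn)

def success_probability(phases):
    """phases[i] = (att, dfn, fallback): fallback is 'S' (secure state) or a
    phase index the system pushes the attacker back to (assumed rule)."""
    n = len(phases)
    # Augmented system [I - Q | r]; r = one-step probability of the failure state.
    A = [[F(int(i == j)) for j in range(n)] + [F(0)] for i in range(n)]
    for i, (att, dfn, fb) in enumerate(phases):
        p = attacker_wins(att, dfn)
        if i + 1 < n:
            A[i][i + 1] -= p      # attacker wins: next phase
        else:
            A[i][n] += p          # last phase won: failure state
        if fb != 'S':
            A[i][fb] -= 1 - p     # system wins: back to phase fb
    for c in range(n):            # Gauss-Jordan elimination
        piv = next(r for r in range(c, n) if A[r][c] != 0)
        A[c], A[piv] = A[piv], A[c]
        A[c] = [v / A[c][c] for v in A[c]]
        for r in range(n):
            if r != c and A[r][c] != 0:
                A[r] = [x - A[r][c] * y for x, y in zip(A[r], A[c])]
    return A[0][n]                # absorption probability from phase 0

# Constructed sample: two phases, times in arbitrary units.
ATT0 = [(F(1, 2), (0, 2)), (F(1, 2), (1, 5))]
PHASES = [(ATT0, [(F(1), (0, 4))], 'S'), ([(F(1), (0, 4))], [(F(1), (2, 6))], 0)]

if __name__ == "__main__":
    print(success_probability(PHASES))   # 231/479
```

Widening the system's response-time intervals in a phase raises that phase's P(T_att < T_sys), which is how the timing assumptions feed into the final success probability.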
