Quantitative Method for Network Security Situation Based on Attack Prediction

Multistep attack prediction and security situation awareness are two major challenges for network administrators, because an intruder's future moves are unknown. Many approaches have been proposed in recent years, but they remain incomplete. To make prediction more comprehensive, this paper quantitatively converts attack threat into a security situation. Two algorithms are proposed: an attack prediction algorithm based on a dynamic Bayesian attack graph, and a security situation quantification algorithm based on that prediction. The first algorithm provides richer information about future attack behaviour by simulating incremental network penetration: by continuously evaluating the intruder's attack capability and the defender's countermeasures, it dynamically predicts the likely attack goal, path, probability and time cost as security events arrive. The second algorithm combines the Common Vulnerability Scoring System (CVSS) metrics with network asset information to quantify the concealed attack threat as explicit security risk at two levels, host and network. Examples show that the method is feasible and flexible for an adversarial attack-defense network environment, helping the administrator infer the security situation in advance and remediate critical hosts before they are compromised, so that normal network communication is maintained.
