Optimal security hardening on attack tree models of networks: a cost-benefit analysis

Researchers have previously looked into the problem of determining whether a given set of security hardening measures can effectively make a networked system secure. However, system administrators are often faced with a more challenging problem since they have to work within a fixed budget which may be less than the minimum cost of system hardening. An attacker, on the other hand, explores alternative attack scenarios to inflict the maximum damage possible when the security controls are in place, very often rendering the optimality of the controls invalid. In this work, we develop a systematic approach to perform a cost-benefit analysis on the problem of optimal security hardening under such conditions. Using evolutionary paradigms such as multi-objective optimization and competitive co-evolution, we model the attacker-defender interaction as an “arms race”, and explore how security controls can be placed in a network to induce a maximum return on investment.

[1]  R. Dawkins The Blind Watchmaker , 1986 .

[2]  Jackie Rees Ulmer,et al.  Matching information security vulnerabilities to organizational security profiles: a genetic algorithm approach , 2006, Decis. Support Syst..

[3]  Shawn A. Butler Security attribute evaluation method: a cost-benefit approach , 2002, ICSE '02.

[4]  Gary Stoneburner,et al.  SP 800-30. Risk Management Guide for Information Technology Systems , 2002 .

[5]  Cynthia A. Phillips,et al.  A graph-based system for network-vulnerability analysis , 1998, NSPW '98.

[6]  Enrique Alba,et al.  Parallelism and evolutionary algorithms , 2002, IEEE Trans. Evol. Comput..

[7]  Svein J. Knapskog,et al.  Towards a stochastic model for integrated security and dependability evaluation , 2006, First International Conference on Availability, Reliability and Security (ARES'06).

[8]  Brett Berger,et al.  Data-Centric Quantitative Computer Security Risk Assessment , 2003 .

[9]  D. E. Matthews Evolution and the Theory of Games , 1977 .

[10]  R. K. Ursem Multi-objective Optimization using Evolutionary Algorithms , 2009 .

[11]  Robert J. Ellison,et al.  Attack Trees , 2009, Encyclopedia of Biometrics.

[12]  Jeannette M. Wing,et al.  Game strategies in network security , 2005, International Journal of Information Security.

[13]  Jordan B. Pollack,et al.  A Game-Theoretic Memory Mechanism for Coevolution , 2003, GECCO.

[14]  Larry Bull,et al.  Coevolutionary computation: an introduction , 1998 .

[15]  D. E. Goldberg,et al.  Genetic Algorithms in Search , 1989 .

[16]  Indrajit Ray,et al.  Using Attack Trees to Identify Malicious Attacks from Authorized Insiders , 2005, ESORICS.

[17]  R. Lewontin Evolution and the theory of games. , 1961, Journal of theoretical biology.

[18]  Robert Axelrod,et al.  The Evolution of Strategies in the Iterated Prisoner's Dilemma , 2001 .

[19]  Wei Jiang,et al.  A Game Theoretic Method for Decision and Analysis of the Optimal Active Defense Strategy , 2007 .

[20]  Theo Dimitrakos,et al.  Formal Aspects in Security and Trust, Fourth International Workshop, FAST 2006, Hamilton, Ontario, Canada, August 26-27, 2006, Revised Selected Papers , 2007, Formal Aspects in Security and Trust.

[21]  Somesh Jha,et al.  Automated generation and analysis of attack graphs , 2002, Proceedings 2002 IEEE Symposium on Security and Privacy.

[22]  Andrew P. Moore,et al.  Attack Modeling for Information Security and Survivability , 2001 .

[23]  Indrajit Ray,et al.  Optimal security hardening using multi-objective optimization on attack tree models of networks , 2007, CCS '07.

[24]  Lawrence Davis,et al.  Genetic Algorithms and Simulated Annealing , 1987 .

[25]  Sushil Jajodia,et al.  Efficient minimum-cost network hardening via exploit dependency graphs , 2003, 19th Annual Computer Security Applications Conference, 2003. Proceedings..

[26]  Peng Liu,et al.  Incentive-based modeling and inference of attacker intent, objectives, and strategies , 2003, CCS '03.

[27]  Richard K. Belew,et al.  New Methods for Competitive Coevolution , 1997, Evolutionary Computation.

[28]  Zonghua Zhang,et al.  Boosting Markov Reward Models for Probabilistic Security Evaluation by Characterizing Behaviors of Attacker and Defender , 2008, 2008 Third International Conference on Availability, Reliability and Security.

[29]  Stefano Bistarelli,et al.  Strategic Games on Defense Trees , 2006, Formal Aspects in Security and Trust.

[30]  Jing Zhao,et al.  A Model of Hierarchical Key Assignment Scheme with CRT , 2007 .

[31]  Duminda Wijesekera,et al.  Scalable, graph-based network vulnerability analysis , 2002, CCS '02.

[32]  David E. Goldberg,et al.  Genetic Algorithms in Search Optimization and Machine Learning , 1988 .

[33]  J. Nash NON-COOPERATIVE GAMES , 1951, Classics in Game Theory.

[34]  Jan Willemson,et al.  Rational Choice of Security Measures Via Multi-parameter Attack Trees , 2006, CRITIS.

[35]  Kenneth O. Stanley and Joseph Reisinger and Risto Miikkulainen,et al.  The Dominance Tournament Method of Monitoring Progress in Coevolution , 2002 .

[36]  Charles E. Taylor,et al.  Artificial Life II , 1991 .

[37]  W. Daniel Hillis,et al.  Co-evolving parasites improve simulated evolution as an optimization procedure , 1990 .

[38]  Salvatore J. Stolfo,et al.  Toward Cost-Sensitive Modeling for Intrusion Detection and Response , 2002, J. Comput. Secur..

[39]  Svein J. Knapskog,et al.  Using Stochastic Game Theory to Compute the Expected Behavior of Attackers , 2005 .

[40]  G. Stoneburner,et al.  Risk Management Guide for Information Technology Systems: Recommendations of the National Institute of Standards and Technology , 2002 .

[41]  Paul F. Syverson,et al.  A different look at secure distributed computation , 1997, Proceedings 10th Computer Security Foundations Workshop.

[42]  Cynthia A. Phillips,et al.  Computer-attack graph generation tool , 2001, Proceedings DARPA Information Survivability Conference and Exposition II. DISCEX'01.

[43]  Paul Fischbeck,et al.  Multi-attribute risk assessment , 2002 .

[44]  Richard K. Belew,et al.  Methods for Competitive Co-Evolution: Finding Opponents Worth Beating , 1995, ICGA.

[45]  Somesh Jha,et al.  Two formal analyses of attack graphs , 2002, Proceedings 15th IEEE Computer Security Foundations Workshop. CSFW-15.

[46]  Kalyanmoy Deb,et al.  A fast and elitist multiobjective genetic algorithm: NSGA-II , 2002, IEEE Trans. Evol. Comput..

[47]  Carlos A. Coello Coello,et al.  An updated survey of GA-based multiobjective optimization techniques , 2000, CSUR.

[48]  Goldberg,et al.  Genetic algorithms , 1993, Robust Control Systems with Genetic Algorithms.

[49]  Yi Zhang,et al.  Two Formal Analysis of Attack Graphs: Two Formal Analysis of Attack Graphs , 2010 .