Cyber Security Analytics: A Stochastic Model for Security Quantification Using Absorbing Markov Chains

Most current research in security analysis has centered on identifying threats and vulnerabilities and providing suitable defense mechanisms to improve the robustness of networks and systems. While this approach is attractive, it provides limited insight into the impact these attacks have on the overall security goals of the network and the system. The attack graph as a model lends itself nicely to the analysis of the security state of a network. Most of the attack-graph-based metrics proposed in the literature are one-dimensional; however, the research community has acknowledged that security needs to be treated as a multidimensional concept. In this paper, we utilize stochastic modeling techniques using attack graphs to define a complementary suite of quantitative metrics to aid the security engineer in visualizing the current as well as future security state of the network and in optimizing the necessary steps to harden the enterprise network against external threats. We present experimental results from applying this model to a sample network to demonstrate the practicality of our approach.
