Security Modelling and Analysis of Dynamic Enterprise Networks

Dynamic networks are characterised by many kinds of change (e.g., vulnerability changes, updates to applications and services, topology changes). Assessing the security of such networks is of vital importance in order to improve it. One way to assess security is to use a graphical security model. However, existing graphical security models (e.g., attack graphs and attack trees) have only considered static networks (i.e., networks that do not change). It is also unclear how existing cyber security metrics (e.g., attack cost, shortest attack path) change when the network configuration changes over time. To address this problem, we propose (i) to develop a novel graphical security model named the Temporal-Hierarchical Attack Representation Model (T-HARM) to capture network changes and (ii) to investigate the effect of network change on the existing cyber security metrics based on the proposed security model. We show how the existing security metrics change when the status of vulnerabilities changes.
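The effect described above can be seen on a small time-indexed model. The following is an added illustration, not the paper's T-HARM implementation: it assumes a simplified two-layer snapshot (host reachability plus per-host vulnerabilities with an attack cost), and all host names, vulnerability labels and costs are constructed.

```python
import heapq

def snap(t, edges, vulns):
    return {"t": t, "edges": edges, "vulns": vulns}

# Constructed snapshots (hosts, edges and costs are made up for illustration).
E0 = {"attacker": ["web", "vpn"], "web": ["app"], "vpn": ["db"], "app": ["db"]}
E2 = {**E0, "web": ["app", "db"]}  # topology change: web can now reach db
SNAPSHOTS = [
    snap(0, E0, {"web": {"v1": 3.0}, "vpn": {"v2": 2.0}, "app": {"v3": 4.0}, "db": {"v4": 5.0}}),
    snap(1, E0, {"web": {"v1": 3.0}, "vpn": {}, "app": {"v3": 4.0}, "db": {"v4": 5.0}}),  # v2 patched
    snap(2, E2, {"web": {"v1": 3.0}, "vpn": {}, "app": {"v3": 4.0, "v5": 1.0}, "db": {"v4": 5.0}}),
    snap(3, E2, {"web": {"v1": 3.0}, "vpn": {}, "app": {"v3": 4.0, "v5": 1.0}, "db": {}}),  # v4 patched
]

def host_cost(snapshot, host):
    """Cheapest open vulnerability on a host, or None if nothing is exploitable."""
    vulns = snapshot["vulns"].get(host, {})
    return min(vulns.values()) if vulns else None

def best_path(snapshot, source, target, by_cost):
    """Dijkstra over hosts; weight is the host's attack cost or 1 per hop."""
    heap, seen = [(0, [source])], set()
    while heap:
        total, path = heapq.heappop(heap)
        node = path[-1]
        if node == target:
            return total, path
        if node in seen:
            continue
        seen.add(node)
        for nxt in snapshot["edges"].get(node, []):
            cost = host_cost(snapshot, nxt)
            if cost is None or nxt in seen:
                continue  # a host with no open vulnerability cannot be traversed
            heapq.heappush(heap, (total + (cost if by_cost else 1), path + [nxt]))
    return None  # target unreachable in this snapshot

def metrics_over_time(snapshots, source="attacker", target="db"):
    """Per snapshot: (time, shortest attack path length, minimum attack cost)."""
    rows = []
    for s in snapshots:
        hops = best_path(s, source, target, by_cost=False)
        cost = best_path(s, source, target, by_cost=True)
        rows.append((s["t"], hops[0] if hops else None, cost[0] if cost else None))
    return rows

if __name__ == "__main__":
    for row in metrics_over_time(SNAPSHOTS):
        print(row)
```

A static model built only from the first snapshot would report a single pair of values; the time series shows the path lengthening after a patch, shortening again after a topology change, and disappearing once the target is patched.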
