A framework for analyzing and mitigating the vulnerabilities of complex systems via attack and protection trees

In recent years, attack trees have been developed to describe processes by which malicious users attempt to exploit or break complex systems. Attack trees offer a method of decomposing, visualizing, and determining the cost or likelihood of attacks. Attack trees by themselves do not provide enough decision support to system defenders. The defenders need methods to determine which protections to implement and where to place them in the system to mitigate the vulnerabilities found. This research develops the concept of using protection trees to offer a detailed risk analysis for the protection of a system. In addition to developing protection trees, this research improves the existing concept of attack trees and develops rule sets for the manipulation of metrics used in the security of complex systems. This research specifically develops the framework for using an attack and protection tree methodology to analyze the security of complex systems. To accomplish this, the structure of attack trees is extended and modified to create the concept of protection trees. To validate the effectiveness of the methodology, the Schematic Protection Model (SPM) is used. The SPM is extended and applied to verify that a system protected using the attack and protection tree methodology is safe. To demonstrate the general usefulness of this novel methodology, it is used to analyze the security of several varied domains including computer networks, online banking, homeland security, and mobile ad hoc networks.
