Network security risk assessment method based on HMM and attack graph model

The ever-increasing complexity of computer networks and the variety of new types of bugs make network security an increasingly serious challenge. In network security risk evaluation, an attack graph model describes the cause-and-effect relationships between multiple attack steps well. However, its test result is uncertain. To address this issue, a method that fuses the attack graph model with a Hidden Markov model (HMM) was proposed. First, the network environment and the attacker's aggressive behavior were abstracted by the attack graph model. Second, the probabilistic mapping between network observations and attack states was established by the HMM. Finally, the Viterbi algorithm was used to calculate the maximum-probability state transition sequence. Experimental results show that the maximum probability of the state transition sequence can be effectively calculated and the attack intention can then be accurately inferred by this dual model. This method provides a good configuration for network security administrators.
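
An added illustration of the HMM and Viterbi step described in the abstract (not code from the paper): the state names, alert names and every probability are constructed assumptions, and transitions are non-zero only along the edges of a small hypothetical attack graph plus self-loops.

```python
import math

# Constructed hidden states (attack-graph nodes) and IDS observations; not from the paper.
STATES = ["normal", "probe", "foothold", "root"]
OBS = ["quiet", "scan_alert", "exploit_alert", "privesc_alert"]
START = {"normal": 0.9, "probe": 0.1, "foothold": 0.0, "root": 0.0}
# A missing entry means the attack graph has no such edge (probability 0).
TRANS = {
    "normal":   {"normal": 0.7, "probe": 0.3},
    "probe":    {"probe": 0.5, "foothold": 0.4, "normal": 0.1},
    "foothold": {"foothold": 0.6, "root": 0.4},
    "root":     {"root": 1.0},
}
# P(observation | state): alerts are noisy, so every state can emit every alert.
EMIT = {
    "normal":   {"quiet": 0.85, "scan_alert": 0.10, "exploit_alert": 0.04, "privesc_alert": 0.01},
    "probe":    {"quiet": 0.20, "scan_alert": 0.70, "exploit_alert": 0.08, "privesc_alert": 0.02},
    "foothold": {"quiet": 0.30, "scan_alert": 0.10, "exploit_alert": 0.50, "privesc_alert": 0.10},
    "root":     {"quiet": 0.30, "scan_alert": 0.05, "exploit_alert": 0.15, "privesc_alert": 0.50},
}

def _log(p):
    return math.log(p) if p > 0 else float("-inf")

def viterbi(observations):
    """Return (most likely hidden state path, joint probability of that path)."""
    if not observations:
        raise ValueError("need at least one observation")
    # score[s] = best log-probability of any state path that ends in s
    score = {s: _log(START[s]) + _log(EMIT[s][observations[0]]) for s in STATES}
    back = []
    for o in observations[1:]:
        prev, score, ptr = score, {}, {}
        for s in STATES:
            # Best predecessor of s; unreachable predecessors score -inf.
            best = max(STATES, key=lambda r: prev[r] + _log(TRANS[r].get(s, 0.0)))
            ptr[s] = best
            score[s] = prev[best] + _log(TRANS[best].get(s, 0.0)) + _log(EMIT[s][o])
        back.append(ptr)
    last = max(STATES, key=lambda s: score[s])
    path = [last]
    for ptr in reversed(back):  # follow back-pointers from the final state
        path.append(ptr[path[-1]])
    path.reverse()
    return path, math.exp(score[last])
```

Working in log space keeps long alert sequences from underflowing, and the zero-probability transitions are what let the attack graph rule out state sequences the network topology does not allow.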
