Guiding Threat Analysis with Threat Source Models

Threat analysis identifies how potential adversaries exploit system weaknesses to achieve their goals. Attack graphs are one method of conducting threat analysis: they expose the relationships between vulnerabilities, allowing administrators to pinpoint high-risk paths. However, attack graphs bring computational and cognitive complexity challenges that must be managed. One method for managing the complexity of threat analysis and attack graphs is to differentiate between likely and unlikely attack paths using threat source models. Threat source models are used during risk assessments to describe likely and unlikely adversary behavior, and so can be used for the same purpose during attack graph analysis. The framework presented here allows threat source models to guide attack graph generation so that unlikely attack paths are removed.
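The pruning idea in the abstract, as an added sketch that is not the paper's framework or code: a threat source model filters which exploit edges are expanded while the attack graph is generated. The `Exploit` and `ThreatSource` fields, the 1 to 3 skill scale and the sample network are all assumptions constructed for this example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Exploit:                 # one edge of the attack graph (hypothetical schema)
    src: str                   # attacker state required before the step
    dst: str                   # attacker state gained by the step
    name: str
    skill: int                 # minimum skill, assumed scale 1 (low) .. 3 (high)
    needs: frozenset           # access/resources the step requires

@dataclass(frozen=True)
class ThreatSource:            # assumed threat source model: capability only
    name: str
    skill: int
    resources: frozenset

def feasible(e, ts):
    """An edge is likely for this source only if it can afford and perform it."""
    return e.skill <= ts.skill and e.needs <= ts.resources

def attack_paths(exploits, start, goal, ts=None):
    """Enumerate simple start->goal paths; with ts, infeasible edges are never expanded."""
    adj = {}
    for e in exploits:
        if ts is None or feasible(e, ts):
            adj.setdefault(e.src, []).append(e)
    paths = []
    def dfs(node, seen, trail):
        if node == goal:
            paths.append([e.name for e in trail])
            return
        for e in adj.get(node, []):
            if e.dst not in seen:          # keep paths simple (no revisits)
                dfs(e.dst, seen | {e.dst}, trail + [e])
    dfs(start, {start}, [])
    return paths

# Constructed sample network, not taken from the paper.
R, P = frozenset({"remote"}), frozenset({"physical"})
GRAPH = [
    Exploit("internet", "dmz_web", "public_exploit_web", 1, R),
    Exploit("internet", "app_server", "custom_exploit_vpn", 3, R | {"funding"}),
    Exploit("dmz_web", "app_server", "misconfig_trust", 1, R),
    Exploit("dmz_web", "db", "sql_priv_esc", 2, R),
    Exploit("app_server", "db", "db_credential_reuse", 1, R),
    Exploit("internet", "db", "console_access", 1, P),
]
OPPORTUNIST = ThreatSource("low-skill remote", 1, R)
INSIDER = ThreatSource("on-site insider", 1, P)
```

Without a model the sample yields four paths to `db`; each threat source reduces that to the single path it can plausibly carry out, which is the one an administrator would prioritize for that adversary.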
