Multi-Objective Security Hardening Optimisation for Dynamic Networks

Hardening dynamic networks is very challenging because of their complexity and dynamicity. Moreover, there may be multiple objectives to satisfy while keeping the solutions within the constraints (e.g., fixed budget, availability of countermeasures, performance degradation, non-patchable vulnerabilities, etc.). In this paper, we propose a systematic approach to optimise the selection of security hardening options for dynamic networks given multiple constraints and objectives. To do so, we evaluate potential attack scenarios for a given time period, and then use multi-objective optimisation based on the Non-dominated Sorting Genetic Algorithm to find the optimal set of security hardening options. We measure the effectiveness of the options using various security metrics, and demonstrate this through experimental analysis. The results show that our approach can be applied to select the optimal set of security hardening options to deploy for dynamic networks given multiple objectives and constraints.
