A Theory of Cyber Attacks: A Step Towards Analyzing MTD Systems

Moving Target Defenses (MTD) have been touted as a game-changing approach to computer security that eliminates the static nature of current computer systems -- an attacker's biggest advantage. While promising, the dynamism of MTD introduces challenges related to understanding and quantifying the impact of MTD systems on security, users, and attackers. To analyze this impact, both the concepts of MTD systems and cyber attacks must be formalized. While a theory of MTD systems was proposed in [18], this paper presents a theory of cyber attacks that supports the understanding and analysis of the interaction between MTD systems and the attacks they hope to thwart. The theory defines key concepts that support precise discussion of attacker knowledge, attack types, and attack instances. The paper also presents concrete examples to show how these definitions and concepts can be used in realistic scenarios.

[1] Bülent Yener, et al. A formal method for attack modelling and detection, 2006.

[2] Scott A. DeLoach, et al. A model for analyzing the effect of moving target defenses on enterprise networks, 2014, CISR '14.

[3] Barbara Kordy, et al. DAG-based attack and defense modeling: Don't miss the forest for the attack trees, 2013, Comput. Sci. Rev.

[4] Hovav Shacham, et al. On the effectiveness of address-space randomization, 2004, CCS '04.

[5] Sushil Jajodia, et al. Advanced Cyber Attack Modeling Analysis and Visualization, 2010.

[6] Scott A. DeLoach, et al. Towards a Theory of Moving Target Defense, 2014, MTD '14.

[7] William W. Streilein, et al. On the Challenges of Effective Movement, 2014, MTD '14.

[8] Ruby B. Lee, et al. National Cyber Leap Year Summit 2009 Co-Chairs' Report, 2009.

[9] Richard Lippmann, et al. Practical Attack Graph Generation for Network Defense, 2006, 2006 22nd Annual Computer Security Applications Conference (ACSAC'06).

[10] Steven M. Bellovin. On the Brittleness of Software and the Infeasibility of Security Metrics, 2006, IEEE Security & Privacy Magazine.

[11] David John Leversage, et al. Estimating a System's Mean Time-to-Compromise, 2008, IEEE Security & Privacy.

[12] Andrew W. Appel, et al. MulVAL: A Logic-based Network Security Analyzer, 2005, USENIX Security Symposium.

[13] Robert J. Ellison, et al. Attack Trees, 2009, Encyclopedia of Biometrics.

[14] Markus Schumacher, et al. Collaborative attack modeling, 2002, SAC '02.

[15] Andrew P. Moore, et al. Attack Modeling for Information Security and Survivability, 2001.

[16] David A. Schmidt, et al. Aggregating vulnerability metrics in enterprise networks using attack graphs, 2013, J. Comput. Secur.