Attack modelling and security evaluation based on stochastic activity networks

An appropriate model of attacker behaviour is a key requirement for quantitative security evaluation. Motivated by the fact that attacker behaviour is affected by some social factors such as monetary costs and benefits rather than merely the technical aspects of the target system, we proposed an attack modelling approach based on a hierarchical and coloured extension of stochastic activity networks HCSANs. This approach is called HCSAN-based attack modelling. By using this approach, multistage attacks can be modelled following the attack tree paradigm. Also, attacker behaviour can be modelled as a strategic decision-making process that accounts for the following factors affecting the attacker's decisions: 1 the goals of attack; 2 the cost and risk associated with available strategies; and 3 the target system's possible responses. Furthermore, we put forward an analytic solution method to measure security attributes i.e. confidentiality, integrity and availability and estimated two important quantitative security measures, which are the mean time to security failure and attack success probability. Additionally, we introduce a parametric sensitivity analysis method, which can be used to determine the sensitivity of the evaluated measures to different model parameters and optimize the model accordingly. Finally, we demonstrated how this approach can be used for survivability enhancement of the system using a well-known risk assessment process. Copyright © 2013 John Wiley & Sons, Ltd.

[1]  Svein J. Knapskog,et al.  Using Stochastic Game Theory to Compute the Expected Behavior of Attackers , 2005 .

[2]  Nir Kshetri,et al.  The simple economics of cybercrimes , 2006, IEEE Security & Privacy Magazine.

[3]  Pin-Han Ho,et al.  A model-based semi-quantitative approach for evaluating security of enterprise networks , 2008, SAC '08.

[4]  Bharat B. Madan,et al.  Modeling and quantification of security attributes of software systems , 2002, Proceedings International Conference on Dependable Systems and Networks.

[5]  Jan Willemson,et al.  Processing Multi-parameter Attacktrees with Estimated Parameter Values , 2007, IWSEC.

[6]  Rodolphe Ortalo,et al.  Experimenting with Quantitative Evaluation Tools for Monitoring Operational Security , 1999, IEEE Trans. Software Eng..

[7]  Sushil Jajodia,et al.  Topological analysis of network attack vulnerability , 2006, PST.

[8]  Ahto Buldas,et al.  Practical Security Analysis of E-Voting Systems , 2007, IWSEC.

[9]  Zonghua Zhang,et al.  Boosting Markov Reward Models for Probabilistic Security Evaluation by Characterizing Behaviors of Attacker and Defender , 2008, 2008 Third International Conference on Availability, Reliability and Security.

[10]  Richard P. Lippmann,et al.  An Annotated Review of Past Papers on Attack Graphs , 2005 .

[11]  James P. McDermott,et al.  Attack net penetration testing , 2001, NSPW '00.

[12]  Hung Q. Ngo,et al.  Towards a theory of insider threat assessment , 2005, 2005 International Conference on Dependable Systems and Networks (DSN'05).

[13]  Vilhelm Verendel,et al.  Quantified security is a weak hypothesis: a critical survey of results and assumptions , 2009, NSPW '09.

[14]  Lingyu Wang,et al.  Measuring Network Security Using Bayesian Network-Based Attack Graphs , 2008, 2008 32nd Annual IEEE International Computer Software and Applications Conference.

[15]  Jan Willemson,et al.  Rational Choice of Security Measures Via Multi-parameter Attack Trees , 2006, CRITIS.

[16]  Ludovic Piètre-Cambacédès,et al.  Beyond Attack Trees: Dynamic Security Modeling with Boolean Logic Driven Markov Processes (BDMP) , 2010, 2010 European Dependable Computing Conference.

[17]  Fred Cohen Feature: Managing network security: Attack and defence strategies , 1999 .

[18]  Svein J. Knapskog,et al.  Incorporating Attacker Behavior in Stochastic Models of Security , 2005, Security and Management.

[19]  Miles A. McQueen,et al.  Quantitative Cyber Risk Reduction Estimation Methodology for a Small SCADA Control System , 2006, Proceedings of the 39th Annual Hawaii International Conference on System Sciences (HICSS'06).

[20]  Kishor S. Trivedi,et al.  Security modeling and quantification of intrusion tolerant systems using attack-response graph , 2004, J. High Speed Networks.

[21]  Marc Dacier,et al.  Models and tools for quantitative assessment of operational security , 1996, SEC.

[22]  Jan Willemson,et al.  Serial Model for Attack Tree Computations , 2009, ICISC.

[23]  Kishor S. Trivedi Probability and Statistics with Reliability, Queuing, and Computer Science Applications , 1984 .

[24]  Ali Movaghar,et al.  STOCHASTIC ACTIVITY NETWORKS: A NEW DEFINITION AND SOME PROPERTIES , 2001 .

[25]  R.F. Mills,et al.  Analyzing Attack Trees using Generalized Stochastic Petri Nets , 2006, 2006 IEEE Information Assurance Workshop.

[26]  Luai Mohammed Malhis,et al.  Development and application of an efficient method for the solution of stochastic activity networks with deterministic activities , 1996 .

[27]  G. Manimaran,et al.  PENET: A practical method and tool for integrated modeling of security attacks and countermeasures , 2009, Comput. Secur..

[28]  Cynthia A. Phillips,et al.  A graph-based system for network-vulnerability analysis , 1998, NSPW '98.

[29]  Peng Liu,et al.  Incentive-based modeling and inference of attacker intent, objectives, and strategies , 2005, ACM Trans. Inf. Syst. Secur..

[30]  Shelby Evans,et al.  Risk-based Systems Security Engineering: Stopping Attacks with Intention , 2004, IEEE Secur. Priv..

[31]  Peng Liu,et al.  Using Bayesian networks for cyber security analysis , 2010, 2010 IEEE/IFIP International Conference on Dependable Systems & Networks (DSN).

[32]  D. Jefferson,et al.  Security analysis of SERVE 1 A Security Analysis of the Secure Electronic Registration and Voting Experiment ( SERVE ) , 2004 .

[33]  Marc Dacier,et al.  Quantitative Assessment of Operational Security: Models and Tools * , 1996 .

[34]  Steven J. Templeton,et al.  A requires/provides model for computer attacks , 2001, NSPW '00.

[35]  Marc Bouissou,et al.  A new formalism that combines advantages of fault-trees and Markov models: Boolean logic driven Markov processes , 2003, Reliab. Eng. Syst. Saf..

[36]  Mikko Kiviharju,et al.  Towards Modelling Information Security with Key-Challenge Petri Nets , 2009, NordSec.

[37]  Jan Willemson,et al.  Computing Exact Outcomes of Multi-parameter Attack Trees , 2008, OTM Conferences.

[38]  Kishor S. Trivedi,et al.  Security analysis of SITAR intrusion tolerance system , 2003, SSRS '03.

[39]  Margus Niitsoo Optimal Adversary Behavior for the Serial Model of Financial Attack Trees , 2010, IWSEC.

[40]  Yuliang Lu,et al.  Capability-centric attack model for network security analysis , 2010, 2010 2nd International Conference on Signal Processing Systems.

[41]  William H. Sanders,et al.  Model-based evaluation: from dependability to security , 2004, IEEE Transactions on Dependable and Secure Computing.

[42]  Murtuza Jadliwala,et al.  Representation and analysis of coordinated attacks , 2003, FMSE '03.

[43]  Robert P. Goldman,et al.  A Stochastic Model for Intrusions , 2002, RAID.

[44]  Bharat B. Madan,et al.  A method for modeling and quantifying the security attributes of intrusion tolerant systems , 2004, Perform. Evaluation.

[45]  J. Medhi,et al.  Stochastic Processes , 1982 .

[46]  William H. Sanders,et al.  Stochastic Activity Networks: Formal Definitions and Concepts , 2002, European Educational Forum: School on Formal Methods and Performance Analysis.