Maximization of Network Survivability under Malicious and Epidemic Attacks

Due to the Internet's scalability and connectivity, enterprises and organizations increasingly rely on it to provide services to customers. However, attackers target these enterprises and organizations intelligently, through continuous vulnerability exploitation and advanced malware. Recently, attackers have combined the fast propagation and infection characteristics of epidemic attacks with obtained network topology information to launch more deliberate attacks. This paper examines malicious and epidemic attacks, taking into account various defense mechanisms. Attackers are assumed to have only incomplete information about the target network, which makes the problem harder to solve and renders it non-deterministic. Our purpose is to help defenders evaluate average network survivability when making defense-related decisions. The scenario is modeled as a mathematical formulation, and meaningful and useful defense guidelines are proposed based on our simulation results.
