Maximization of network robustness considering the effect of escalation and accumulated experience of intelligent attackers

In this paper, we propose a mathematical programming model to describe a network attack scenario. In this problem, the attacker's objective is to compromise multiple core nodes at minimum total attack cost. Over the course of the attack, the attacker may gain experience from previous attacks that further reduces his attack costs in the future. Moreover, he can pay an extra fee to escalate his authority on a compromised node to higher user privileges, giving him access to more information on that node. We measure the impact incurred by information leakage in our model, and adopt some Simulated Annealing-based algorithms to solve the problem.
