A model-based semi-quantitative approach for evaluating security of enterprise networks

A challenging issue in Enterprise Risk Management (ERM) is to quantify network attributes with respect to security. This paper presents a model-based semi-quantitative approach for evaluating the security of enterprise networks. Instead of focusing on particular attacks or intrusions, our approach characterizes attacker behavior by examining attacker intent, objective, and attack consequence, which are essential for carrying out an attack scheme. In particular, an attack scheme involving several atomic attacks is formulated as a partially observable Markov decision process: a goal-directed attacker takes a sequence of actions to achieve the malicious goal, and a reward signal serves as feedback that integrates the attacker's intent, cost, and objective and guides its advance. The same reward signal is also used to measure attack impact, from the security analyst's economic perspective, by weighting the significance of network assets. Our approach provides network administrators with a useful tool for selecting better countermeasures during the risk management process. We carry out a real trace study to demonstrate its feasibility in practice and validate its performance.
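The abstract describes a goal-directed attacker choosing among atomic attacks under a reward that nets asset significance against attack cost, and a defender reading the attacker's optimal value as an impact measure. The following is an added illustration, not the paper's model or code: it reduces the paper's POMDP to a fully observable MDP (an assumption made here for brevity), solves it by value iteration, and uses the resulting risk score to rank single countermeasures by how much they lower it. The network positions, asset significance values, atomic attack labels (A1..A4), success probabilities and costs are all constructed, hypothetical inputs.

```python
"""Toy attack-scheme model: atomic attacks are the actions of a goal-directed
attacker, rewarded by asset significance gained minus attack cost.  Added
example; assumes full observability (MDP) instead of the paper's POMDP."""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class AtomicAttack:
    name: str         # hypothetical label, not a real technique
    src: str          # network position the attacker must already hold
    dst: str          # position gained on success
    p_success: float  # probability the atomic attack succeeds
    cost: float       # attacker effort/exposure, charged whether or not it succeeds


# Constructed asset significance: what the attacker gains (and the analyst
# loses) when each position is compromised.  Entry position is worth nothing.
SIGNIFICANCE = {"internet": 0.0, "dmz": 10.0, "lan": 30.0, "db": 100.0}

# Constructed atomic attacks forming the attack scheme.
ATTACKS = [
    AtomicAttack("A1", "internet", "dmz", 0.6, 2.0),
    AtomicAttack("A2", "dmz", "lan", 0.5, 3.0),
    AtomicAttack("A3", "internet", "lan", 0.2, 5.0),
    AtomicAttack("A4", "lan", "db", 0.7, 4.0),
]


def value_iteration(attacks, significance, gamma=0.9, tol=1e-10, max_iter=100000):
    """Return (V, policy): V[s] is the attacker's optimal expected discounted
    reward from position s, policy[s] the atomic attack it picks or 'stop'.
    A failed attempt leaves the attacker in place (it may retry); 'stop'
    yields 0 and ends the scheme, so every value is non-negative."""
    states = list(significance)
    V = {s: 0.0 for s in states}
    policy = {s: "stop" for s in states}
    for _ in range(max_iter):
        delta = 0.0
        for s in states:
            best_val, best_act = 0.0, "stop"   # 'stop' is always available
            for a in attacks:
                if a.src != s:
                    continue
                # Bellman backup: pay the cost, then either succeed and collect
                # the asset plus the continuation value, or fail and retry.
                q = (-a.cost
                     + a.p_success * (significance[a.dst] + gamma * V[a.dst])
                     + (1.0 - a.p_success) * gamma * V[s])
                if q > best_val:
                    best_val, best_act = q, a.name
            delta = max(delta, abs(best_val - V[s]))
            V[s], policy[s] = best_val, best_act
        if delta < tol:
            break
    return V, policy


def attack_impact(attacks, significance, start="internet", gamma=0.9):
    """Semi-quantitative risk score: the optimal attacker's value from the
    entry position, i.e. expected significance captured net of effort."""
    V, _ = value_iteration(attacks, significance, gamma)
    return V[start]


def countermeasure_gain(attacks, significance, attack_name, new_p_success):
    """Impact reduction if a countermeasure lowers one atomic attack's
    success probability (e.g. hardening the position it targets)."""
    before = attack_impact(attacks, significance)
    hardened = [replace(a, p_success=new_p_success) if a.name == attack_name else a
                for a in attacks]
    return before - attack_impact(hardened, significance)


def rank_countermeasures(attacks, significance, new_p_success=0.2):
    """Rank single countermeasures by the impact reduction they buy."""
    gains = {a.name: countermeasure_gain(attacks, significance, a.name, new_p_success)
             for a in attacks}
    return sorted(gains.items(), key=lambda kv: kv[1], reverse=True)


if __name__ == "__main__":
    V, policy = value_iteration(ATTACKS, SIGNIFICANCE)
    for s in SIGNIFICANCE:
        print(f"{s:9s} value={V[s]:8.2f} attacker action={policy[s]}")
    print("ranked countermeasures:", rank_countermeasures(ATTACKS, SIGNIFICANCE))
```

The attacker's value at the entry position is the number an analyst would read as the scheme's impact; because rewards are expressed in asset-significance units, the ranking of countermeasures is directly comparable with their cost. Restoring partial observability would replace the position with a belief over positions and require a POMDP solver, which is the part of the paper's model this simplification omits.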
