1 Measuring Network Security Using Attack Graphs Anoop Singhal National Institute of Standards and Technology Coauthors: Lingyu Wang and Sushil Jajodia.
1 Measuring Network Security Using Attack Graphs
Anoop Singhal, National Institute of Standards and Technology
Coauthors: Lingyu Wang (Concordia University) and Sushil Jajodia (George Mason University)
Metricon '07

2 Outline
  Background and Related Work
  Application Examples
  Attack Resistance Metric
  Conclusion and Future Work

3 Motivation
Typical issues addressed in the literature:
  Is that database server secure from intruders?
  Can the database server be secured from intruders?
  How do I stop an ongoing intrusion?
Notice that these are all qualitative questions. Better questions to ask:
  How secure is the database server?
  How much security does a new configuration provide?
  What is the least-cost option to stop the attack?
Answering these requires a network security metric.

4 Challenges
Measuring each vulnerability:
  Impact, exploitability, etc.
  Temporal and environmental factors
  E.g., the Common Vulnerability Scoring System (CVSS) v2, released on June 20
Composing such per-vulnerability measures into a measure of the overall security of a network:
  Our work focuses on this problem

5 Related Work
NIST's efforts on standardizing security metrics: a NIST Special Publication, NVD and CVSS v2
Markov models and MTTF for security (Dacier et al., TSE 1999)
Minimum-effort approaches (Balzarotti et al., QoP '05; Pamula et al., QoP '06)
Attack surface (Howard et al., QoP '06)
PageRank (Mehta et al., RAID '06)

6 Related Work (Cont'd)
Attack graphs:
  Model checker-based (Ritchey et al., S&P '00; Sheyner et al., S&P '02)
  Graph-based (Ammann et al., CCS '02; Ritchey et al., ACSAC '02; Noel et al., ACSAC '03; Wang et al., ESORICS '05; Wang et al., DBSEC '06)

7 Attack Graph
To measure the combined effect of vulnerabilities we need to understand the interplay between them: how an attacker can chain them into an intrusion.
An attack graph is a model of the potential sequences of attacks that compromise given resources.

8 Attack Graph Example

9 Attack Graph from machine 0 to DB Server

10 Attack Graph with Probabilities
The numbers are estimated probabilities of occurrence for the individual exploits, based on their relative difficulty:
  The ftp_rhosts and rsh exploits take advantage of normal services in a clever way and do not require much attacker skill.
  A bit more skill is required for ftp_rhosts, in crafting a .rhosts file.
  sshd_bof and local_bof are buffer-overflow attacks, which require more expertise.

11 Probabilities Propagated Through the Attack Graph
When one exploit must follow another in a path, both are needed to eventually reach the goal, so their probabilities are multiplied:
  p(A and B) = p(A)∙p(B)
When a choice of paths is possible, either is sufficient for reaching the goal:
  p(A or B) = p(A) + p(B) − p(A)∙p(B)
Both rules treat the success of A and the success of B as independent events.

12 Network Hardening
When we harden the network, this changes the attack graph, along with the way its probabilities are propagated. Our options are to block traffic from the Attacker:
  Make no change to the network (baseline)
  Block ftp traffic, preventing ftp_rhosts(0,1) and ftp_rhosts(0,2)
  Block rsh traffic, preventing rsh(0,1) and rsh(0,2)
  Block ssh traffic, preventing sshd_bof(0,1)

13 Comparison of Options
We can compare the relative security of the options:
  Blocking ftp traffic from the Attacker leaves a remaining 4-step attack path with total probability p = 0.1∙0.8∙0.9∙0.1 = 0.0072
  Blocking rsh traffic leaves the same 4-step attack path
  But blocking ssh traffic leaves 2 attack paths whose combined probability is about 10 times higher, i.e., compromise is 10 times more likely with this option.

14 A Generic Attack Resistance Metric
Given an attack graph G(E ∪ C, Req ∪ Imp) (E: exploits, C: conditions, Req: require edges, Imp: imply edges), define
  r(): E → D, R(): E → D, and ⊕, ⊗: D × D → D
where D is the domain of attack resistance. For any exploit e, r(e) is its individual resistance and R(e) is its cumulative resistance.

15 A Generic Attack Resistance Metric
⊕ and ⊗ are the two operators used to calculate cumulative resistances from individual resistances. They correspond to the disjunctive and conjunctive dependency relationships between exploits, respectively: ⊕ combines alternative ways of reaching a condition, ⊗ combines resistances that must all be overcome along one path.
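As an added example (not code from the slides or their authors), the following Python implements the propagation rules of slide 11 and the generic (D, ⊕, ⊗) metric of slides 14 and 15, and runs both over the hardening options of slides 12 and 13. The exploit names and the per-exploit probabilities (ftp_rhosts 0.8, rsh 0.9, sshd_bof 0.1, local_bof 0.1) are the slides'; the condition names, the require/imply edges and the effort units are my assumptions, reconstructed so that the slides' 0.1∙0.8∙0.9∙0.1 path is what remains after blocking ftp.

```python
"""Generic attack-resistance propagation over an attack graph (added example).

Implements the propagation rules of slide 11 and the (D, ⊕, ⊗) abstraction of
slides 14-15, instantiated with probabilities (⊗ = product, ⊕ = p+q-pq) and
with a minimum-effort domain (⊗ = sum, ⊕ = min). Exploit names and the values
0.8 / 0.9 / 0.1 come from the slides; condition names, require/imply edges
and the effort units are assumptions.
"""
from dataclasses import dataclass
from functools import reduce
from typing import Callable, Dict, FrozenSet, List, Tuple

@dataclass(frozen=True)
class Exploit:
    name: str
    requires: Tuple[str, ...]   # Req edges: conditions the exploit needs
    implies: str                # Imp edge: the condition the exploit creates

@dataclass(frozen=True)
class Metric:                   # domain D of attack resistance (slide 15)
    conj: Callable[[float, float], float]   # ⊗: both parts are needed
    disj: Callable[[float, float], float]   # ⊕: either part suffices
    initial: float              # R() of an initially true condition
    unreachable: float          # R() of a condition that no exploit implies

PROBABILITY = Metric(lambda a, b: a * b, lambda a, b: a + b - a * b, 1.0, 0.0)
MIN_EFFORT = Metric(lambda a, b: a + b, min, 0.0, float("inf"))

# Reconstructed topology (assumption). rsh(x,y) is modelled as needing only the
# trust relationship that ftp_rhosts(x,y) created, so that a chain of exploits
# is scored as a plain product, exactly as the slides do.
EXPLOITS = (
    Exploit("ftp_rhosts(0,1)", ("user(0)", "ftp(0,1)"), "trust(1,0)"),
    Exploit("rsh(0,1)",        ("trust(1,0)",),          "user(1)"),
    Exploit("sshd_bof(0,1)",   ("user(0)", "ssh(0,1)"), "user(1)"),
    Exploit("ftp_rhosts(0,2)", ("user(0)", "ftp(0,2)"), "trust(2,0)"),
    Exploit("rsh(0,2)",        ("trust(2,0)",),          "user(2)"),
    Exploit("ftp_rhosts(1,2)", ("user(1)", "ftp(1,2)"), "trust(2,1)"),
    Exploit("rsh(1,2)",        ("trust(2,1)",),          "user(2)"),
    Exploit("local_bof(2)",    ("user(2)",),             "root(2)"),
)
INITIAL = frozenset({"user(0)", "ftp(0,1)", "ftp(0,2)", "ftp(1,2)", "ssh(0,1)"})
GOAL = "root(2)"

def r_probability(e: Exploit) -> float:   # slide 10 values
    return {"ftp": 0.8, "rsh": 0.9, "ssh": 0.1, "loc": 0.1}[e.name[:3]]

def r_effort(e: Exploit) -> float:        # hypothetical effort units
    return {"ftp": 2.0, "rsh": 1.0, "ssh": 5.0, "loc": 5.0}[e.name[:3]]

def cumulative(exploits, r, metric: Metric, goal: str = GOAL,
               initial: FrozenSet[str] = INITIAL) -> float:
    """R(goal): fold individual resistances r(e) through the graph.

    R(e) = r(e) ⊗ R(c1) ⊗ ...  over the conditions e requires (conjunctive)
    R(c) = R(e1) ⊕ R(e2) ⊕ ... over the exploits that imply c (disjunctive)
    """
    producers: Dict[str, List[Exploit]] = {}
    for e in exploits:
        producers.setdefault(e.implies, []).append(e)
    memo: Dict[str, float] = {}

    def R_cond(c: str, stack: FrozenSet[str]) -> float:
        if c in initial:
            return metric.initial
        if c in memo:
            return memo[c]
        if c in stack:   # monotonic attack graphs are acyclic; refuse otherwise
            raise ValueError(f"cycle through condition {c}")
        values = [R_exp(e, stack | {c}) for e in producers.get(c, [])]
        memo[c] = reduce(metric.disj, values) if values else metric.unreachable
        return memo[c]

    def R_exp(e: Exploit, stack: FrozenSet[str]) -> float:
        return reduce(metric.conj, (R_cond(c, stack) for c in e.requires), r(e))

    return R_cond(goal, frozenset())

def harden(exploits, blocked):
    """Network hardening (slide 12): drop the exploits a blocked service enables."""
    return tuple(e for e in exploits if e.name not in blocked)

OPTIONS = {"baseline": (), "block ssh": ("sshd_bof(0,1)",),
           "block ftp": ("ftp_rhosts(0,1)", "ftp_rhosts(0,2)"),
           "block rsh": ("rsh(0,1)", "rsh(0,2)")}

def compare(r, metric: Metric) -> Dict[str, float]:
    """Cumulative resistance of the goal under each hardening option (slide 13)."""
    return {name: cumulative(harden(EXPLOITS, blocked), r, metric)
            for name, blocked in OPTIONS.items()}

if __name__ == "__main__":
    for label, r, m in (("P(root on DB server)", r_probability, PROBABILITY),
                        ("minimum attacker effort", r_effort, MIN_EFFORT)):
        print(label)
        for name, value in compare(r, m).items():
            print(f"  {name:10s} {value:.4f}")
```

With this reconstructed topology the probability instance gives about 0.087 for the baseline, 0.0072 for blocking ftp or rsh, and about 0.087 for blocking ssh, so blocking ssh is roughly 12 times worse than the other two options, the same order as the slide's "about 10 times". Swapping in MIN_EFFORT ranks the options by cheapest attack path instead (8 units at baseline or with ssh blocked, 13 with ftp or rsh blocked); the graph walk is unchanged and only D and its two operators differ, which is what "the metric generalizes previous proposals" amounts to in practice. The probability instance treats exploit successes as independent, so a precondition shared by several exploits must appear once in the graph or it is multiplied in more than once.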

16 Conclusion
Based on attack graphs, we have proposed a metric for measuring the overall security of networks.
The metric meets intuitive requirements derived from common sense.
The metric can be instantiated for different applications, and it generalizes previous proposals.

17 Future Work
Study the metric for other aspects of network security, e.g., risk and cost.
Apply the metric to vulnerability analysis, network hardening, etc.