Open Access Proceedings Article (DOI)

Modeling Modern Network Attacks and Countermeasures Using Attack Graphs

TL;DR: In this paper, the authors describe substantial enhancements to the NetSPA attack graph system required to model additional present-day threats (zero-day exploits and client-side attacks) and countermeasures (intrusion prevention systems, proxy firewalls, personal firewall, and host-based vulnerability scans).

Abstract:
By accurately measuring risk for enterprise networks, attack graphs allow network defenders to understand the most critical threats and select the most effective countermeasures. This paper describes substantial enhancements to the NetSPA attack graph system required to model additional present-day threats (zero-day exploits and client-side attacks) and countermeasures (intrusion prevention systems, proxy firewalls, personal firewalls, and host-based vulnerability scans). Point-to-point reachability algorithms and structures were extensively redesigned to support "reverse" reachability computations and personal firewalls. Host-based vulnerability scans are imported and analyzed. Analysis of an operational network with 84 hosts demonstrates that client-side attacks pose a serious threat. Experiments on larger simulated networks demonstrated that NetSPA's previous excellent scaling is maintained. Less than two minutes are required to completely analyze a four-enclave simulated network with more than 40,000 hosts protected by personal firewalls.


Citations
Journal ArticleDOI

Petri Net Modeling of Cyber-Physical Attacks on Smart Grid

TL;DR: This paper proposes a novel hierarchical method to construct large Petri nets from a number of smaller Petri nets that can be created separately by different domain experts; the method is demonstrated by a proof-of-concept Python program.
Journal ArticleDOI

The Cyber Security Modeling Language: A Tool for Assessing the Vulnerability of Enterprise System Architectures

TL;DR: The theory used for the attack-probability calculations in CySeMoL is a compilation of research results on a number of security domains and covers a range of attacks and countermeasures and is validated on a system level.
Journal ArticleDOI

k-Zero Day Safety: A Network Security Metric for Measuring the Risk of Unknown Vulnerabilities

TL;DR: A novel security metric, k-zero day safety, is proposed that counts how many unknown vulnerabilities would be required for compromising network assets; a larger count implies more security because the likelihood of having more unknown vulnerabilities available, applicable, and exploitable all at the same time will be significantly lower.
Book ChapterDOI

An empirical study on using the national vulnerability database to predict software vulnerabilities

TL;DR: An empirical study on applying data-mining techniques on NVD data with the objective of predicting the time to next vulnerability for a given software application, showing that the data in NVD generally have poor prediction capability.
Journal ArticleDOI

Assessing the Effectiveness of Moving Target Defenses Using Security Models

TL;DR: This paper incorporates moving target defense techniques into a security model, namely a hierarchical attack representation model (HARM), to assess the effectiveness of them, and uses importance measures for deploying MTD techniques to enhance the scalability.
References
Proceedings Article

MulVAL: a logic-based network security analyzer

TL;DR: MulVAL is an end-to-end framework and reasoning system that conducts multihost, multistage vulnerability analysis on a network and can reason about 84% of the Red Hat bugs reported in OVAL, a formal vulnerability definition language.
Proceedings ArticleDOI

FIREMAN: a toolkit for firewall modeling and analysis

TL;DR: Fireman, a static analysis toolkit for firewall modeling and analysis, is introduced and used to uncover several real misconfigurations in enterprise networks, some of which have been subsequently confirmed and corrected by the administrators of these networks.
Journal ArticleDOI

A quantitative study of firewall configuration errors

TL;DR: Analysis of real configuration data shows that corporate firewalls are often enforcing rule sets that violate well-established security guidelines.

A Complete Guide to the Common Vulnerability Scoring System Version 2.0 | NIST

TL;DR: The Common Vulnerability Scoring System (CVSS) provides an open framework for communicating the characteristics and impacts of IT vulnerabilities and enables IT managers, vulnerability bulletin providers, security vendors, application vendors and researchers to all benefit by adopting this common language of scoring IT vulnerabilities.
Proceedings ArticleDOI

Practical Attack Graph Generation for Network Defense

TL;DR: A new type of attack graph, the multiple-prerequisite graph, is created that scales nearly linearly as the size of a typical network increases and a prototype system is built using this graph type.