Scalable Security Model Generation and Analysis Using k-importance Measures

Jin Bum Hong; Dong Seong Kim

doi:10.1007/978-3-319-04283-1_17

Scalable Security Model Generation and Analysis Using k-importance Measures

Jin Bum Hong, Dong Seong Kim

Research output: Chapter in Book/Conference paper › Conference paper

12 Citations (Scopus)

Abstract

Attack representation models (ARMs) (such as attack graphs, attack trees) can be used to model and assess security of a networked system. To do this, one must generate an ARM. However, generation and evaluation of the ARM suffer from a scalability problem when the size of the networked system is very large (e.g., 10,000 computer hosts in the network with a complex network topology). The main reason is that computing all possible attack scenarios to cover all aspects of an attack results in a state space explosion. One idea is to use only important hosts and vulnerabilities in the networked system to generate and evaluate security. We propose to use k-importance measures to generate a two-layer hierarchical ARM that will improve the scalability of model generation and security evaluation computational complexities. We use k 1 number of important hosts based on network centrality measures and k 2 number of significant vulnerabilities of hosts using host security metrics. We show that an equivalent security analysis can be achieved using our approach (using k-importance measures), compared to an exhaustive search.

Original language	English
Title of host publication	Security and Privacy in Communication Networks
Subtitle of host publication	9th International Conference on Security and Privacy in Communication Systems
Editors	Tanveer Zia, Albert Zomaya, Vijay Varadharajan, Morley Mao
Place of Publication	Cham
Publisher	Springer
Pages	270-287
Number of pages	18
ISBN (Electronic)	9783319042831
ISBN (Print)	9783319042824
DOIs	https://doi.org/10.1007/978-3-319-04283-1_17
Publication status	Published - 2013
Externally published	Yes
Event	9th International ICST Conference on Security and Privacy in Communication Networks - Sydney, Australia Duration: 25 Sep 2013 → 28 Sep 2013

Publication series

Name	Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
Publisher	Springer
Volume	127
ISSN (Print)	1867-8211
ISSN (Electronic)	1867-822X

Conference

Conference	9th International ICST Conference on Security and Privacy in Communication Networks
Abbreviated title	SecureComm 2013
Country	Australia
City	Sydney
Period	25/09/13 → 28/09/13

Fingerprint

Scalability

Complex networks

Explosions

Computational complexity

Topology

Cite this

Hong, J. B., & Kim, D. S. (2013). Scalable Security Model Generation and Analysis Using k-importance Measures. In T. Zia, A. Zomaya, V. Varadharajan, & M. Mao (Eds.), Security and Privacy in Communication Networks: 9th International Conference on Security and Privacy in Communication Systems (pp. 270-287). (Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering; Vol. 127). Cham: Springer. https://doi.org/10.1007/978-3-319-04283-1_17

Hong, Jin Bum ; Kim, Dong Seong. / Scalable Security Model Generation and Analysis Using k-importance Measures. Security and Privacy in Communication Networks: 9th International Conference on Security and Privacy in Communication Systems. editor / Tanveer Zia ; Albert Zomaya ; Vijay Varadharajan ; Morley Mao. Cham : Springer, 2013. pp. 270-287 (Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering).

@inproceedings{ceb5e59183f941a586819a9226c8163e,

title = "Scalable Security Model Generation and Analysis Using k-importance Measures",

abstract = "Attack representation models (ARMs) (such as attack graphs, attack trees) can be used to model and assess security of a networked system. To do this, one must generate an ARM. However, generation and evaluation of the ARM suffer from a scalability problem when the size of the networked system is very large (e.g., 10,000 computer hosts in the network with a complex network topology). The main reason is that computing all possible attack scenarios to cover all aspects of an attack results in a state space explosion. One idea is to use only important hosts and vulnerabilities in the networked system to generate and evaluate security. We propose to use k-importance measures to generate a two-layer hierarchical ARM that will improve the scalability of model generation and security evaluation computational complexities. We use k 1 number of important hosts based on network centrality measures and k 2 number of significant vulnerabilities of hosts using host security metrics. We show that an equivalent security analysis can be achieved using our approach (using k-importance measures), compared to an exhaustive search.",

author = "Hong, {Jin Bum} and Kim, {Dong Seong}",

year = "2013",

doi = "10.1007/978-3-319-04283-1_17",

language = "English",

isbn = "9783319042824",

series = "Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering",

publisher = "Springer",

pages = "270--287",

editor = "Zia, {Tanveer } and Zomaya, {Albert } and Varadharajan, {Vijay } and Mao, {Morley }",

booktitle = "Security and Privacy in Communication Networks",

address = "Netherlands",

}

Hong, JB & Kim, DS 2013, Scalable Security Model Generation and Analysis Using k-importance Measures. in T Zia, A Zomaya, V Varadharajan & M Mao (eds), Security and Privacy in Communication Networks: 9th International Conference on Security and Privacy in Communication Systems. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol. 127, Springer, Cham, pp. 270-287, 9th International ICST Conference on Security and Privacy in Communication Networks , Sydney, Australia, 25/09/13. https://doi.org/10.1007/978-3-319-04283-1_17

Scalable Security Model Generation and Analysis Using k-importance Measures. / Hong, Jin Bum; Kim, Dong Seong.

Security and Privacy in Communication Networks: 9th International Conference on Security and Privacy in Communication Systems. ed. / Tanveer Zia; Albert Zomaya; Vijay Varadharajan; Morley Mao. Cham : Springer, 2013. p. 270-287 (Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering; Vol. 127).

Research output: Chapter in Book/Conference paper › Conference paper

TY - GEN

T1 - Scalable Security Model Generation and Analysis Using k-importance Measures

AU - Hong, Jin Bum

AU - Kim, Dong Seong

PY - 2013

Y1 - 2013

N2 - Attack representation models (ARMs) (such as attack graphs, attack trees) can be used to model and assess security of a networked system. To do this, one must generate an ARM. However, generation and evaluation of the ARM suffer from a scalability problem when the size of the networked system is very large (e.g., 10,000 computer hosts in the network with a complex network topology). The main reason is that computing all possible attack scenarios to cover all aspects of an attack results in a state space explosion. One idea is to use only important hosts and vulnerabilities in the networked system to generate and evaluate security. We propose to use k-importance measures to generate a two-layer hierarchical ARM that will improve the scalability of model generation and security evaluation computational complexities. We use k 1 number of important hosts based on network centrality measures and k 2 number of significant vulnerabilities of hosts using host security metrics. We show that an equivalent security analysis can be achieved using our approach (using k-importance measures), compared to an exhaustive search.

AB - Attack representation models (ARMs) (such as attack graphs, attack trees) can be used to model and assess security of a networked system. To do this, one must generate an ARM. However, generation and evaluation of the ARM suffer from a scalability problem when the size of the networked system is very large (e.g., 10,000 computer hosts in the network with a complex network topology). The main reason is that computing all possible attack scenarios to cover all aspects of an attack results in a state space explosion. One idea is to use only important hosts and vulnerabilities in the networked system to generate and evaluate security. We propose to use k-importance measures to generate a two-layer hierarchical ARM that will improve the scalability of model generation and security evaluation computational complexities. We use k 1 number of important hosts based on network centrality measures and k 2 number of significant vulnerabilities of hosts using host security metrics. We show that an equivalent security analysis can be achieved using our approach (using k-importance measures), compared to an exhaustive search.

U2 - 10.1007/978-3-319-04283-1_17

DO - 10.1007/978-3-319-04283-1_17

M3 - Conference paper

SN - 9783319042824

T3 - Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

SP - 270

EP - 287

BT - Security and Privacy in Communication Networks

A2 - Zia, Tanveer

A2 - Zomaya, Albert

A2 - Varadharajan, Vijay

A2 - Mao, Morley

PB - Springer

CY - Cham

ER -

Hong JB, Kim DS. Scalable Security Model Generation and Analysis Using k-importance Measures. In Zia T, Zomaya A, Varadharajan V, Mao M, editors, Security and Privacy in Communication Networks: 9th International Conference on Security and Privacy in Communication Systems. Cham: Springer. 2013. p. 270-287. (Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering). https://doi.org/10.1007/978-3-319-04283-1_17

Access to Document

10.1007/978-3-319-04283-1_17