Attack representation models (ARMs) (such as attack graphs, attack trees) can be used to model and assess security of a networked system. To do this, one must generate an ARM. However, generation and evaluation of the ARM suffer from a scalability problem when the size of the networked system is very large (e.g., 10,000 computer hosts in the network with a complex network topology). The main reason is that computing all possible attack scenarios to cover all aspects of an attack results in a state space explosion. One idea is to use only important hosts and vulnerabilities in the networked system to generate and evaluate security. We propose to use k-importance measures to generate a two-layer hierarchical ARM that will improve the scalability of model generation and security evaluation computational complexities. We use k 1 number of important hosts based on network centrality measures and k 2 number of significant vulnerabilities of hosts using host security metrics. We show that an equivalent security analysis can be achieved using our approach (using k-importance measures), compared to an exhaustive search.
|Name||Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering|
|Conference||9th International ICST Conference on Security and Privacy in Communication Networks |
|Abbreviated title||SecureComm 2013|
|Period||25/09/13 → 28/09/13|