Abstract
Original language | English |
---|---|
Title of host publication | Security and Privacy in Communication Networks |
Subtitle of host publication | 9th International Conference on Security and Privacy in Communication Systems |
Editors | Tanveer Zia, Albert Zomaya, Vijay Varadharajan, Morley Mao |
Place of Publication | Cham |
Publisher | Springer |
Pages | 270-287 |
Number of pages | 18 |
ISBN (Electronic) | 9783319042831 |
ISBN (Print) | 9783319042824 |
DOIs | |
Publication status | Published - 2013 |
Externally published | Yes |
Event | 9th International ICST Conference on Security and Privacy in Communication Networks - Sydney, Australia Duration: 25 Sep 2013 → 28 Sep 2013 |
Publication series
Name | Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering |
---|---|
Publisher | Springer |
Volume | 127 |
ISSN (Print) | 1867-8211 |
ISSN (Electronic) | 1867-822X |
Conference
Conference | 9th International ICST Conference on Security and Privacy in Communication Networks |
---|---|
Abbreviated title | SecureComm 2013 |
Country | Australia |
City | Sydney |
Period | 25/09/13 → 28/09/13 |
Fingerprint
Cite this
}
Scalable Security Model Generation and Analysis Using k-importance Measures. / Hong, Jin Bum; Kim, Dong Seong.
Security and Privacy in Communication Networks: 9th International Conference on Security and Privacy in Communication Systems. ed. / Tanveer Zia; Albert Zomaya; Vijay Varadharajan; Morley Mao. Cham : Springer, 2013. p. 270-287 (Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering; Vol. 127).Research output: Chapter in Book/Conference paper › Conference paper
TY - GEN
T1 - Scalable Security Model Generation and Analysis Using k-importance Measures
AU - Hong, Jin Bum
AU - Kim, Dong Seong
PY - 2013
Y1 - 2013
N2 - Attack representation models (ARMs) (such as attack graphs, attack trees) can be used to model and assess security of a networked system. To do this, one must generate an ARM. However, generation and evaluation of the ARM suffer from a scalability problem when the size of the networked system is very large (e.g., 10,000 computer hosts in the network with a complex network topology). The main reason is that computing all possible attack scenarios to cover all aspects of an attack results in a state space explosion. One idea is to use only important hosts and vulnerabilities in the networked system to generate and evaluate security. We propose to use k-importance measures to generate a two-layer hierarchical ARM that will improve the scalability of model generation and security evaluation computational complexities. We use k 1 number of important hosts based on network centrality measures and k 2 number of significant vulnerabilities of hosts using host security metrics. We show that an equivalent security analysis can be achieved using our approach (using k-importance measures), compared to an exhaustive search.
AB - Attack representation models (ARMs) (such as attack graphs, attack trees) can be used to model and assess security of a networked system. To do this, one must generate an ARM. However, generation and evaluation of the ARM suffer from a scalability problem when the size of the networked system is very large (e.g., 10,000 computer hosts in the network with a complex network topology). The main reason is that computing all possible attack scenarios to cover all aspects of an attack results in a state space explosion. One idea is to use only important hosts and vulnerabilities in the networked system to generate and evaluate security. We propose to use k-importance measures to generate a two-layer hierarchical ARM that will improve the scalability of model generation and security evaluation computational complexities. We use k 1 number of important hosts based on network centrality measures and k 2 number of significant vulnerabilities of hosts using host security metrics. We show that an equivalent security analysis can be achieved using our approach (using k-importance measures), compared to an exhaustive search.
U2 - 10.1007/978-3-319-04283-1_17
DO - 10.1007/978-3-319-04283-1_17
M3 - Conference paper
SN - 9783319042824
T3 - Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
SP - 270
EP - 287
BT - Security and Privacy in Communication Networks
A2 - Zia, Tanveer
A2 - Zomaya, Albert
A2 - Varadharajan, Vijay
A2 - Mao, Morley
PB - Springer
CY - Cham
ER -