Scalable Security Model Generation and Analysis Using k-importance Measures

Jin Bum Hong, Dong Seong Kim

Research output: Chapter in Book/Conference paperConference paper

12 Citations (Scopus)

Abstract

Attack representation models (ARMs) (such as attack graphs, attack trees) can be used to model and assess security of a networked system. To do this, one must generate an ARM. However, generation and evaluation of the ARM suffer from a scalability problem when the size of the networked system is very large (e.g., 10,000 computer hosts in the network with a complex network topology). The main reason is that computing all possible attack scenarios to cover all aspects of an attack results in a state space explosion. One idea is to use only important hosts and vulnerabilities in the networked system to generate and evaluate security. We propose to use k-importance measures to generate a two-layer hierarchical ARM that will improve the scalability of model generation and security evaluation computational complexities. We use k 1 number of important hosts based on network centrality measures and k 2 number of significant vulnerabilities of hosts using host security metrics. We show that an equivalent security analysis can be achieved using our approach (using k-importance measures), compared to an exhaustive search.
Original languageEnglish
Title of host publicationSecurity and Privacy in Communication Networks
Subtitle of host publication9th International Conference on Security and Privacy in Communication Systems
EditorsTanveer Zia, Albert Zomaya, Vijay Varadharajan, Morley Mao
Place of PublicationCham
PublisherSpringer
Pages270-287
Number of pages18
ISBN (Electronic)9783319042831
ISBN (Print)9783319042824
DOIs
Publication statusPublished - 2013
Externally publishedYes
Event9th International ICST Conference on Security and Privacy in Communication Networks - Sydney, Australia
Duration: 25 Sep 201328 Sep 2013

Publication series

NameLecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
PublisherSpringer
Volume127
ISSN (Print)1867-8211
ISSN (Electronic)1867-822X

Conference

Conference9th International ICST Conference on Security and Privacy in Communication Networks
Abbreviated titleSecureComm 2013
CountryAustralia
CitySydney
Period25/09/1328/09/13

Fingerprint

Scalability
Complex networks
Explosions
Computational complexity
Topology

Cite this

Hong, J. B., & Kim, D. S. (2013). Scalable Security Model Generation and Analysis Using k-importance Measures. In T. Zia, A. Zomaya, V. Varadharajan, & M. Mao (Eds.), Security and Privacy in Communication Networks: 9th International Conference on Security and Privacy in Communication Systems (pp. 270-287). (Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering; Vol. 127). Cham: Springer. https://doi.org/10.1007/978-3-319-04283-1_17
Hong, Jin Bum ; Kim, Dong Seong. / Scalable Security Model Generation and Analysis Using k-importance Measures. Security and Privacy in Communication Networks: 9th International Conference on Security and Privacy in Communication Systems. editor / Tanveer Zia ; Albert Zomaya ; Vijay Varadharajan ; Morley Mao. Cham : Springer, 2013. pp. 270-287 (Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering).
@inproceedings{ceb5e59183f941a586819a9226c8163e,
title = "Scalable Security Model Generation and Analysis Using k-importance Measures",
abstract = "Attack representation models (ARMs) (such as attack graphs, attack trees) can be used to model and assess security of a networked system. To do this, one must generate an ARM. However, generation and evaluation of the ARM suffer from a scalability problem when the size of the networked system is very large (e.g., 10,000 computer hosts in the network with a complex network topology). The main reason is that computing all possible attack scenarios to cover all aspects of an attack results in a state space explosion. One idea is to use only important hosts and vulnerabilities in the networked system to generate and evaluate security. We propose to use k-importance measures to generate a two-layer hierarchical ARM that will improve the scalability of model generation and security evaluation computational complexities. We use k 1 number of important hosts based on network centrality measures and k 2 number of significant vulnerabilities of hosts using host security metrics. We show that an equivalent security analysis can be achieved using our approach (using k-importance measures), compared to an exhaustive search.",
author = "Hong, {Jin Bum} and Kim, {Dong Seong}",
year = "2013",
doi = "10.1007/978-3-319-04283-1_17",
language = "English",
isbn = "9783319042824",
series = "Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering",
publisher = "Springer",
pages = "270--287",
editor = "Zia, {Tanveer } and Zomaya, {Albert } and Varadharajan, {Vijay } and Mao, {Morley }",
booktitle = "Security and Privacy in Communication Networks",
address = "Netherlands",

}

Hong, JB & Kim, DS 2013, Scalable Security Model Generation and Analysis Using k-importance Measures. in T Zia, A Zomaya, V Varadharajan & M Mao (eds), Security and Privacy in Communication Networks: 9th International Conference on Security and Privacy in Communication Systems. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol. 127, Springer, Cham, pp. 270-287, 9th International ICST Conference on Security and Privacy in Communication Networks , Sydney, Australia, 25/09/13. https://doi.org/10.1007/978-3-319-04283-1_17

Scalable Security Model Generation and Analysis Using k-importance Measures. / Hong, Jin Bum; Kim, Dong Seong.

Security and Privacy in Communication Networks: 9th International Conference on Security and Privacy in Communication Systems. ed. / Tanveer Zia; Albert Zomaya; Vijay Varadharajan; Morley Mao. Cham : Springer, 2013. p. 270-287 (Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering; Vol. 127).

Research output: Chapter in Book/Conference paperConference paper

TY - GEN

T1 - Scalable Security Model Generation and Analysis Using k-importance Measures

AU - Hong, Jin Bum

AU - Kim, Dong Seong

PY - 2013

Y1 - 2013

N2 - Attack representation models (ARMs) (such as attack graphs, attack trees) can be used to model and assess security of a networked system. To do this, one must generate an ARM. However, generation and evaluation of the ARM suffer from a scalability problem when the size of the networked system is very large (e.g., 10,000 computer hosts in the network with a complex network topology). The main reason is that computing all possible attack scenarios to cover all aspects of an attack results in a state space explosion. One idea is to use only important hosts and vulnerabilities in the networked system to generate and evaluate security. We propose to use k-importance measures to generate a two-layer hierarchical ARM that will improve the scalability of model generation and security evaluation computational complexities. We use k 1 number of important hosts based on network centrality measures and k 2 number of significant vulnerabilities of hosts using host security metrics. We show that an equivalent security analysis can be achieved using our approach (using k-importance measures), compared to an exhaustive search.

AB - Attack representation models (ARMs) (such as attack graphs, attack trees) can be used to model and assess security of a networked system. To do this, one must generate an ARM. However, generation and evaluation of the ARM suffer from a scalability problem when the size of the networked system is very large (e.g., 10,000 computer hosts in the network with a complex network topology). The main reason is that computing all possible attack scenarios to cover all aspects of an attack results in a state space explosion. One idea is to use only important hosts and vulnerabilities in the networked system to generate and evaluate security. We propose to use k-importance measures to generate a two-layer hierarchical ARM that will improve the scalability of model generation and security evaluation computational complexities. We use k 1 number of important hosts based on network centrality measures and k 2 number of significant vulnerabilities of hosts using host security metrics. We show that an equivalent security analysis can be achieved using our approach (using k-importance measures), compared to an exhaustive search.

U2 - 10.1007/978-3-319-04283-1_17

DO - 10.1007/978-3-319-04283-1_17

M3 - Conference paper

SN - 9783319042824

T3 - Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

SP - 270

EP - 287

BT - Security and Privacy in Communication Networks

A2 - Zia, Tanveer

A2 - Zomaya, Albert

A2 - Varadharajan, Vijay

A2 - Mao, Morley

PB - Springer

CY - Cham

ER -

Hong JB, Kim DS. Scalable Security Model Generation and Analysis Using k-importance Measures. In Zia T, Zomaya A, Varadharajan V, Mao M, editors, Security and Privacy in Communication Networks: 9th International Conference on Security and Privacy in Communication Systems. Cham: Springer. 2013. p. 270-287. (Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering). https://doi.org/10.1007/978-3-319-04283-1_17