Article

Article title EVALUATION OF CORPORATE NETWORKS SECURITY BASED ON ATTACK GRAPHS
Authors E.S. Abramov, A.V. Andreev, D.V. Mordvin
Section SECTION 6. INFORMATION SAFETY
Month, Year 01, 2012
Index UDC 004.056; 004.8
DOI
Abstract Using attack graphs for security analysis makes it possible to take into account the relationships between individual components and their security parameters. This gives more accurate data for assessing the security of the system as a whole than examining the security properties of individual nodes. This paper describes the calculation of the attack graph, the analysis of the results, and the evaluation of the effectiveness of existing countermeasures. The model allows for dynamic routing, filtering on any network object, and NAT. States in the attack graph are detailed to a triad. The construction of the attack graph takes into account both local and network vulnerabilities. The results of an experimental evaluation of system performance are presented. The analysis of 10000 simulated hosts took an average time of about 100 seconds. The number of access control rules (from 500 to 4000 per simulated subnet) was chosen so that the maximum number of filtering rules for devices was about 1,000.


Keywords Attack graph; security analysis; countermeasures effectiveness; computer simulation; NetSPA; ISO/IEC 15408.
References 1. ISO/IEC 15408-3:2009.
2. Kyle Ingols, Matthew Chu, Richard Lippmann, Seth Webster, Stephen Boyer. Modeling Modern Network Attacks and Countermeasures Using Attack Graphs. Annual Computer Security Applications Conference, 2009. – P. 117-126.
3. Sushil Jajodia, Steven Noel. Topological Vulnerability Analysis // Advances in Information Security. – 2010. – Vol. 46, № 4. – P. 139-154.
4. Common platform enumeration. MITRE. http://cpe.mitre.org.
5. Common Vulnerability Scoring System. Forum of Incident Response and Security Teams, Common Vulnerability Scoring System-Special Interest Group. http://www.first.org/cvss/.
6. National Vulnerability Database. http://nvd.nist.gov/download.cfm.
7. Official Common Platform Enumeration Dictionary. http://nvd.nist.gov/cpe.cfm.
8. ISO/IEC 15408-1:2009.
9. Abramov E., Mordvin D., Makarevich O. Automated method for constructing of network traffic filtering rules. In Proceedings of the 3rd international conference on Security of information and networks (SIN '10). ACM, New York, NY, USA, 2010. – P. 203-211. DOI=10.1145/1854099.1854141 http://doi.acm.org/10.1145/1854099.1854141.
10. Common Vulnerabilities and Exposures. MITRE. http://cve.mitre.org/.
11. L. Yuan et al. “FIREMAN: A toolkit for FIREwall modeling and ANalysis,” in IEEE Symposium on Security and Privacy // IEEE Computer Society. – 2006. – P. 199-213.
