Article

Article title DESIGN OF COUNTERMEASURES FOR SECURITY RISKS OF ENTERPRISE NETWORKS BY USING ATTACK GRAPHS
Authors E.S. Abramov, M.A. Kobilev, L.S. Kramorov, D.V. Mordvin
Section SECTION II. SECURITY OF INFORMATION SYSTEMS AND NETWORKS
Month, Year 02, 2014
Index UDC 004.056.57:004.056.53
DOI
Abstract The article presents the results of a method for automated calculation of countermeasures against network information security threats using an attack graph. It describes an algorithm for constructing the attack graph, which is used to assess network vulnerabilities and to support higher-quality automated calculation of countermeasures against them. We propose an algorithm for automated analysis of countermeasures that uses a network model and interaction with the network administrator (security executive council, SEC), who knows the specifics of the given network. 11 vectors for counteracting vulnerabilities are identified. The SEC selects from the proposed countermeasures, with the results of applying each one and its impact on overall security calculated in advance. The use of simulation thus allows firewall rules to be distributed between the firewalls optimally and without errors. As a result, the expert can generate instructions for applying the countermeasures in the real network, which should become part of a documented information security policy.


Keywords Vulnerabilities; threats to information security; multi-stage attacks; network attacks; countermeasures; intrusion detection systems; CVSS; CVE; IDS; IPS; firewall.
