• DocumentCode
    2813676
  • Title

    Risk management using behavior based attack graphs

  • Author

    Dantu, Ram ; Loper, Kall ; Kolan, Prakash

  • Author_Institution
    North Texas Univ., Denton, TX, USA
  • Volume
    1
  • fYear
    2004
  • fDate
    5-7 April 2004
  • Firstpage
    445
  • Abstract
    Security administration is an uphill task to implement in an enterprise network providing secured corporate services. With the slew of patches being released by Microsoft, HP and other vendors, system administrators require a barrage of tools for analyzing the risk due to these vulnerabilities. In addition to this, criticalities in patching some end hosts (e.g., in hospitals) raises serious security issues about the network to which the end hosts are connected. In this context, it would be imperative to know the risk level of all critical resources (e.g., Oracle Server in HR department) keeping in view the everyday emerging new vulnerabilities. We hypothesize that sequence of network actions by an attacker depends on the social behavior (e.g., skill level, tenacity, financial ability). By verifying our hypothesis on hacker email communications, we extended this methodology and calculated risk level for a small network. Towards this goal, we formulated a mechanism to estimate the risk level of critical resources that may be compromised based on attacker behavior. This estimation is accomplished using behavior based attack graphs. These graphs represent all the possible attack paths to all the critical resources. Based on these graphs, we calculate the risk level of a critical resource using Bayesian methodology and periodically update the subjective beliefs about the occurrence of an attack. Such a calculated risk level would be a measure of the vulnerability of the resource and it forms an effective basis for a system administrator to perform suitable changes to network configuration. Thus suitable vulnerability analysis and risk management strategies can be formulated to efficiently curtail the risk from different types of attacker (script kiddies, hackers, criminals and insiders).
  • Keywords
    Bayes methods; computer network management; graph theory; risk management; security of data; telecommunication security; Bayesian methodology; attack occurrence; attack paths; attacker behaviour; behavior based attack graphs; criminals; critical resources; end hosts; enterprise network; hacker email communications; hackers; network action sequence; network configuration; resource vulnerability; risk analysis; risk level; risk management strategies; script kiddies; secured corporate services; security administration; subjective beliefs; vulnerability analysis; Computer hacking; Computer network management; Computer networks; Computer security; Engineering management; Hospitals; Monitoring; Network servers; Risk analysis; Risk management;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Information Technology: Coding and Computing, 2004. Proceedings. ITCC 2004. International Conference on
  • Print_ISBN
    0-7695-2108-8
  • Type

    conf

  • DOI
    10.1109/ITCC.2004.1286496
  • Filename
    1286496