Title :
An Efficient Approach to Minimum-Cost Network Hardening Using Attack Graphs
Author :
Chen, Feng ; Wang, Lingyu ; Su, Jinshu
Author_Institution :
Sch. of Comput., Nat. Univ. of Defense Technol., Changsha
Abstract :
Attack graphs can reveal the threat of sophisticated multi-step attacks by enumerating possible sequences of exploits leading to the compromise of given critical resources. Finding a solution to remove such threats by hands is tedious and error prone, particularly for larger and poorly secured networks. Existing automated approaches for hardening a network has an exponential complexity and is not scalable to large networks. This paper proposes a novel approach of applying the Reduced Ordered Binary Decision Diagram (ROBDD) method to network hardening. Existing mature optimization techniques in ROBDD makes the proposed approach an efficient solution that can potentially be applied to large networks.
Keywords :
binary decision diagrams; optimisation; security of data; attack graphs; critical resources; minimum-cost network hardening; optimization techniques; reduced ordered binary decision diagram method; sophisticated multi-step attacks; Boolean functions; Computer errors; Computer networks; Computer security; Costs; Data structures; Information security; Information systems; Logic; National security; Attack Graphs; Minimum-Cost; network securty; vulnerability;
Conference_Titel :
Information Assurance and Security, 2008. ISIAS '08. Fourth International Conference on
Conference_Location :
Naples
Print_ISBN :
978-0-7695-3324-7
DOI :
10.1109/IAS.2008.38
