Call for Paper - September 2021 Edition
IJCA solicits original research papers for the September 2021 Edition. Last date of manuscript submission is August 20, 2021. Read More

A Graph theoretical approach to Network Vulnerability Analysis and Countermeasures

Print
PDF
Network Security and Cryptography
© 2011 by IJCA Journal
NSC - Number 1
Year of Publication: 2011
Authors:
Dr.Thaier Hamid
Prof. Carsten Maple
10.5120/4320-007

Dr.Thaier Hamid and Prof. Carsten Maple. Article: A Graph theoretical approach to Network Vulnerability Analysis and Countermeasures. IJCA Special Issue on Network Security and Cryptography NSC(1):13-18, December 2011. Full text available. BibTeX

@article{key:article,
	author = {Dr.Thaier Hamid and Prof. Carsten Maple},
	title = {Article: A Graph theoretical approach to Network Vulnerability Analysis and Countermeasures},
	journal = {IJCA Special Issue on Network Security and Cryptography},
	year = {2011},
	volume = {NSC},
	number = {1},
	pages = {13-18},
	month = {December},
	note = {Full text available}
}

Abstract

Computer networks are certainly vulnerable as long as they deliver services from different machines. An attack graph is a security model representing the chains of vulnerability exploits in a network displays the ways an attacker can compromise a network or host. A number of researchers have admitted attack graph visual complications and a large amount of source data must be assembled to accurately build an attack graph, the difficulty scaling to large, enterprise-size networks with tens of thousands of hosts and the lack comprehensive understanding. Information on vulnerabilities is present in public vulnerability databases, such as the National Vulnerability Database and Nessus. But current attack graph tools are reserved to only limited attributes. The automatic formation of vulnerability information has been troublesome and vulnerability descriptions were created by hand or based on limited information. Much vulnerability has still not been discov-ered and many others without patches or solutions Our approach to developing a cost metric exploits the Markov’s model using combinations well known vulnerabilities (the Common Vulnerability Scoring System, CVSS) and Risk Assessment Values (RAV) and using ranking algorithms (similar to V. Mehta et al. 2006 and kijsanayothin, 2010) but instead of using vulnerabilities. For each host we have developed a cost rank Markov’s model reducing the complexity in the attack graph, representing the network topology and dipping the problem of visibility.

Reference

  • L. He and N. Bode. Network Penetration Test-ing. In EC2ND 2005: Proc. of the First European Conference on Computer Network Defense, pages 3-12, London,2006. Springer-Verlag.
  • E. W. Dijkstra. A Discipline of Programming. Prentice Hall, Upper Saddle River, NJ, USA, 1976.
  • C. S. Wright. A Taxonomy of Information Sys-tems Audits, Assessments and Reviews. SANS Institute, June 2007.
  • B. Schneier. Attack trees: Modeling security threats. Dr. Dobb's Journal, December 1999.
  • W. E. Wesely, F. F. Goldberg, N. H. Roberts, and D. F. Haasl. Fault Tree
  • Secunia Half Year Report 2010, http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf.
  • OSSTMM 3 – The Open Source Security Testing Methodology Manual, Creative Commons 3.0 Attribution-NoDerivs 2001-2010, ISECOM, http://www.isecom.org.
  • Mehta, V., C. Bartzis, H. Zhu, E. M. Clarke, and J. M. Wing (2006). Ranking attack graphs. In D. Zamboni and C. Kr ¨ugel (Eds.), Recent Ad-vances in Intrusion Detection, Volume 4219 of Lecture Notes in Computer Science, pp. 127–144. Springer.
  • Phongphun Kijsanayothin, Network Security Modeling with Intelligent and Complexity Analysis, 2010.
  • ISEGCOM, SCARE 0.1 - The Source Code Analy-sis Risk Evaluation 15. November 2007, www.isecom.org.
  • D. Geer and J. Harthorne. Penetration Testing: A Duet. In ACSAC'02: Proc. of the 18th Annual Computer Security Applications Conference, page 185, Washington, DC, USA, 2002. IEEE Computer Society.
  • Python. Programming language. http://www.python.org/.
  • Tenable network security: The Nessus Security Scanner. http://www.nessus.org. Visited 10-July-2008.
  • S. Noel, M. Jacobs, P. Kalapa, and S. Jajodia. Multiple Coordinated Viewsfor Network Attack Graphs. In VIZSEC'05: Proc. of the IEEE Work-shops on Visualization for Computer Security, page 12, Washington, DC, USA, 2005. IEEE Computer Society.
  • S. Noel and S. Jajodia. Understanding Complex Network Attack Graphs through Clustered Ad-jacency Matrices. In ACSAC '05: Proceedings of the 21st Annual Computer Security Applications Conference, pages 160{169, Washington, DC, USA, 2005. IEEE Computer Society.
  • R. Sawilla and X. Ou. Googling Attack Graphs. Technical Report TM-2007-205, Defense Re-search and Development Canada, September 2007.
  • Brin, S. and L. Page (1998). The anatomy of a large-scale hypertextual web search engine. Compute. Netw. ISDN Syst. 30(1-7), 107–117.
  • Kleinberg, J. M. (1999). Authoritative sources in a hyperlinked environment. J. ACM 46(5), 604–632.
  • Gy¨ongyi, Z., H. Garcia-Molina, and J. Pedersen (2004). Combating web spam with trustrank. In VLDB ’04: Proceedings of the Thirtieth interna-tional conference on Very large data bases, pp. 576–587. VLDB Endowment.
  • ISEGCOM, SCARE 0.1 - The Source Code Analy-sis Risk Evaluation 15. November 2007, www.isecom.org.
  • D. Geer and J. Harthorne. Penetration Testing: A Duet. In ACSAC'02: Proc. of the 18th Annual Computer Security Applications Conference, page 185, Washington, DC, USA, 2002. IEEE Computer Society.
  • Tenable network security: The Nessus Security Scanner. http://www.nessus.org. Visited 10-July-2008.