Research Article
Scalable Security Model Generation and Analysis Using -importance Measures
@INPROCEEDINGS{10.1007/978-3-319-04283-1_17,
  author={Jin Hong and Dong Kim},
  title={Scalable Security Model Generation and Analysis Using -importance Measures},
  proceedings={Security and Privacy in Communication Networks. 9th International ICST Conference, SecureComm 2013, Sydney, NSW, Australia, September 25-28, 2013, Revised Selected Papers},
  proceedings_a={SECURECOMM},
  year={2014},
  month={6},
  keywords={Attack Models Network Centrality Security Analysis Security Metrics},
  doi={10.1007/978-3-319-04283-1_17}
}
- Jin Hong
- Dong Kim
Year: 2014
SECURECOMM
Springer
DOI: 10.1007/978-3-319-04283-1_17
Abstract
Attack representation models (ARMs) (such as attack graphs, attack trees) can be used to model and assess security of a networked system. To do this, one must generate an ARM. However, generation and evaluation of the ARM suffer from a scalability problem when the size of the networked system is very large (e.g., 10,000 computer hosts in the network with a complex network topology). The main reason is that computing all possible attack scenarios to cover all aspects of an attack results in a state space explosion. One idea is to use only important hosts and vulnerabilities in the networked system to generate and evaluate security. We propose to use -importance measures to generate a two-layer hierarchical ARM that will improve the scalability of model generation and security evaluation computational complexities. We use number of important hosts based on network centrality measures and number of significant vulnerabilities of hosts using host security metrics. We show that an equivalent security analysis can be achieved using our approach (using -importance measures), compared to an exhaustive search.