Minimization and Reliability Analyses of Attack Graphs

Jha, Somesh; Sheyner, Oleg; Wing, Jeannette M.

Minimization and Reliability Analyses of Attack Graphs

Active / Technical Report | Accession Number: ADA474191 |

Open PDF

Abstract:

An attack graph is a succinct representation of all paths through a system that end in a state where an intruder has successfully achieved his goal. Today Red Teams determine the vulnerability of networked systems by drawing gigantic attack graphs by hand. Constructing attack graphs by hand is tedious, error-prone, and impractical for large systems. By viewing an attack as a violation of a safety property, we can use model checking to produce attack graphs automatically a successful path from the intruders viewpoint is a counterexample produced by the model checker. In this paper we present an algorithm for generating attack graphs using model checking. Security analysts use attack graphs for detection, defense, and forensics. In this paper we present a minimization technique that allows analysts to decide which minimal set of security measures would guarantee the safety of the system. We provide a formal characterization of this problem we prove that it is polynomially equivalent to the minimum hitting set problem and we present a greedy algorithm with provable bounds. We also present a reliability technique that allows analysts to perform a simple cost-benefit analysis depending on the likelihoods of attacks. By interpreting attack graphs as Markov Decision Processes we can use a standard MDP value iteration algorithm to compute the probabilities of intruder success for each attack the graph. We illustrate our work in the context of a small example that includes models of a firewall and an intrusion detection system.

Author(s):

Jha, Somesh ; Sheyner, Oleg ; Wing, Jeannette M.

Author Organization(s):

CARNEGIE-MELLON UNIV PITTSBURGH PA SCHOOL OF COMPUTER SCIENCE

Supplementary Note:

Sponsored in part by the Defense Advanced Research Projects Agency (DARPA). Parts of this report will appear in paper accepted by the IEEE Symposium on Security and Privacy, Oakland, CA, May 2002; and parts are in a paper submitted to the Computer Security Foundations Workshop, Nova Scotia, June 2002.

Pagination:

0031

Security Markings

DOCUMENT & CONTEXTUAL SUMMARY

Distribution:

Approved For Public Release

Distribution Statement:

Approved For Public Release; Distribution Is Unlimited.

RECORD

Collection: TR

Identifying Numbers

Report Number(s):

CMU-CS-02-109

Contract/Grant Number(s):

DAAD19-01-1-0485

Monitor Series:

ARO

Subject Terms

Joint Capability Areas:

JCA_7_Protection; JCA_7.2.1_Mitigate Lethal Effects; JCA_7.2_Mitigate; JCA_6_Net Centric; JCA_5_Command and Control; JCA_5.3_Planning; JCA_6.1.3_Switching and Routing; JCA_6.1_Information Transport; JCA_6.4.1_Secure Information Exchange; JCA_6.4_Information Assurance; JCA_5.3.2_Apply Situational Understanding; JCA_4.7.2_Installation Services; JCA_4.7_Base and Installations Support; JCA_3.2_Engagement; JCA_3_Force Application; JCA_3.2.2_Non-Kinetic Means; JCA_7.1.2_Prevent Non-kinetic Attack; JCA_7.1_Prevent; JCA_4.1_Deployment and Distribution; JCA_5.4_Decide; JCA_1.2.5_Lessons Learned

Modernization Areas:

Cyber

Communities of Interest:

Cyber

Descriptor(s):

*ALGORITHMS, *GRAPHS, *ATTACK, *COMPUTER NETWORKS, *INTRUSION DETECTION(COMPUTERS), *COST BENEFIT ANALYSIS, *MARKOV PROCESSES, DECISION MAKING, ITERATIONS, ENGINEERING DRAWINGS, INTRUSION DETECTORS, RELIABILITY, VULNERABILITY, PROBABILITY, DATA PROCESSING SECURITY

Field(s)/Group(s):

Numerical Mathematics, Statistics and Probability, Computer Systems, Safety Engineering

Keyword(s):

*MARKOV DECISION PROCESSES, *RELIABILITY ANALYSIS, *INTRUSION DETECTION SYSTEMS, MINIMIZATION, FORENSICS

Report Date:

2002 Feb 01

Creation Date:

2007 Dec 05