Article

Time-efficient and cost-effective network hardening using attack graphs

Authors:

DSN '12: Proceedings of the 2012 42nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)

Pages 1 - 12

Published: 25 June 2012 Publication History

Abstract

Attack graph analysis has been established as a powerful tool for analyzing network vulnerability. However, previous approaches to network hardening look for exact solutions and thus do not scale. Further, hardening elements have been treated independently, which is inappropriate for real environments. For example, the cost for patching many systems may be nearly the same as for patching a single one. Or patching a vulnerability may have the same effect as blocking traffic with a firewall, while blocking a port may deny legitimate service. By failing to account for such hardening interdependencies, the resulting recommendations can be unrealistic and far from optimal. Instead, we formalize the notion of hardening strategy in terms of allowable actions, and define a cost model that takes into account the impact of interdependent hardening actions. We also introduce a near-optimal approximation algorithm that scales linearly with the size of the graphs, which we validate experimentally.

Cited By

View all

Ge MHong JGuttmann WKim D(2017)A framework for automating security analysis of the internet of thingsJournal of Network and Computer Applications10.1016/j.jnca.2017.01.03383:C(12-27)Online publication date: 1-Apr-2017
https://dl.acm.org/doi/10.1016/j.jnca.2017.01.033
(2017)A survey on the usability and practical applications of Graphical Security ModelsComputer Science Review10.1016/j.cosrev.2017.09.00126:C(1-16)Online publication date: 1-Nov-2017
https://dl.acm.org/doi/10.1016/j.cosrev.2017.09.001
Alsaleh MAl-Shaer EHusari G(2017)ROI-Driven Cyber Risk Mitigation Using Host Compliance and Network ConfigurationJournal of Network and Systems Management10.1007/s10922-017-9428-x25:4(759-783)Online publication date: 1-Oct-2017
https://dl.acm.org/doi/10.1007/s10922-017-9428-x
Show More Cited By

Recommendations

Minimum-cost network hardening using attack graphs

In defending one's network against cyber attack, certain vulnerabilities may seem acceptable risks when considered in isolation. But an intruder can often infiltrate a seemingly well-guarded network through a multi-step intrusion, in which each step ...
Game-Theoretic Algorithms for Optimal Network Security Hardening Using Attack Graphs
AAMAS '15: Proceedings of the 2015 International Conference on Autonomous Agents and Multiagent Systems

In network security hardening a network administrator may need to use limited resources (such as honeypots) to harden a network against possible attacks. Attack graphs are a common formal model used to represent possible attacks. However, most existing ...
Toward measuring network security using attack graphs
QoP '07: Proceedings of the 2007 ACM workshop on Quality of protection

In measuring the overall security of a network, a crucial issue is to correctly compose the measure of individual components. Incorrect compositions may lead to misleading results. For example, a network with less vulnerabilities or a more diversified ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

DSN '12: Proceedings of the 2012 42nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)

June 2012

588 pages

ISBN:9781467316248

Publisher

IEEE Computer Society

United States

Publication History

Published: 25 June 2012

Author Tags

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

6
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 02 Oct 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Ge MHong JGuttmann WKim D(2017)A framework for automating security analysis of the internet of thingsJournal of Network and Computer Applications10.1016/j.jnca.2017.01.03383:C(12-27)Online publication date: 1-Apr-2017
https://dl.acm.org/doi/10.1016/j.jnca.2017.01.033
(2017)A survey on the usability and practical applications of Graphical Security ModelsComputer Science Review10.1016/j.cosrev.2017.09.00126:C(1-16)Online publication date: 1-Nov-2017
https://dl.acm.org/doi/10.1016/j.cosrev.2017.09.001
Alsaleh MAl-Shaer EHusari G(2017)ROI-Driven Cyber Risk Mitigation Using Host Compliance and Network ConfigurationJournal of Network and Systems Management10.1007/s10922-017-9428-x25:4(759-783)Online publication date: 1-Oct-2017
https://dl.acm.org/doi/10.1007/s10922-017-9428-x
Alsaleh MHusari GAl-Shaer E(2016)Optimizing the RoI of Cyber Risk MitigationProceedings of the 12th Conference on International Conference on Network and Service Management10.5555/3375069.3375097(223-227)Online publication date: 31-Oct-2016
https://dl.acm.org/doi/10.5555/3375069.3375097
Pendleton MGarcia-Lebron RCho JXu S(2016)A Survey on Systems Security MetricsACM Computing Surveys10.1145/300571449:4(1-35)Online publication date: 20-Dec-2016
https://dl.acm.org/doi/10.1145/3005714
Nandi AMedal HVadlamani S(2016)Interdicting attack graphs to protect organizations from cyber attacksComputers and Operations Research10.1016/j.cor.2016.05.00575:C(118-131)Online publication date: 1-Nov-2016
https://dl.acm.org/doi/10.1016/j.cor.2016.05.005

View Options

View options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Abstract

Cited By

Recommendations

Minimum-cost network hardening using attack graphs

Game-Theoretic Algorithms for Optimal Network Security Hardening Using Attack Graphs

Toward measuring network security using attack graphs

Comments

Information

Published In

Publisher

Publication History

Author Tags

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

Get Access

Login options

Full Access

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations