
Pareto-Optimal Adversarial Defense of Enterprise Systems

Published: 09 March 2015

Abstract

The National Vulnerability Database (NVD) maintained by the US National Institute of Standards and Technology provides valuable information about vulnerabilities in popular software, as well as any patches available to address these vulnerabilities. Most enterprise security managers today simply patch the most dangerous vulnerabilities—an adversary can thus easily compromise an enterprise by using less important vulnerabilities to penetrate it. In this article, we capture the vulnerabilities in an enterprise as a Vulnerability Dependency Graph (VDG) and show that attack graphs can be expressed as VDGs. We first ask the question: What set of vulnerabilities should an attacker exploit in order to maximize his expected impact? We show that this problem can be solved as an integer linear program. The defender would obviously like to minimize the impact of the worst-case attack mounted by the attacker—but the defender also has an obligation to ensure high productivity within his enterprise. We propose an algorithm that finds a Pareto-optimal solution for the defender that allows him to simultaneously maximize productivity and minimize the cost of patching products on the enterprise network. We have implemented this framework and show that the runtimes of our computations are all within acceptable time bounds even for large VDGs containing 30K edges, and that the balance between productivity and impact of attacks is also acceptable.




Published In

ACM Transactions on Information and System Security, Volume 17, Issue 3
March 2015
124 pages
ISSN: 1094-9224
EISSN: 1557-7406
DOI: 10.1145/2744298
Editor: Gene Tsudik

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery, New York, NY, United States

Publication History

Published: 09 March 2015
Accepted: 01 October 2014
Revised: 01 August 2014
Received: 01 January 2014
Published in TISSEC Volume 17, Issue 3


Author Tags

1. Enterprise systems
2. Adversarial models
3. Computer security

Qualifiers

• Research-article
• Research
• Refereed


Article Metrics

• Downloads (last 12 months): 22
• Downloads (last 6 weeks): 3
Reflects downloads up to 26 Sep 2024

Cited By

• (2024) Guide to developing case-based attack scenarios and establishing defense strategies for cybersecurity exercise in ICS environment. The Journal of Supercomputing 80:15, 21642-21675. doi:10.1007/s11227-024-06273-9. Online publication date: 1-Oct-2024.
• (2024) A Survey on the Optimization of Security Components Placement in Internet of Things. Journal of Network and Systems Management 32:4. doi:10.1007/s10922-024-09852-6. Online publication date: 1-Oct-2024.
• (2023) Assessing Cyber Risk in Cyber-Physical Systems Using the ATT&CK Framework. ACM Transactions on Privacy and Security 26:2, 1-33. doi:10.1145/3571733. Online publication date: 13-Mar-2023.
• (2023) Pareto-optimal Defenses for the Web Infrastructure: Theory and Practice. ACM Transactions on Privacy and Security 26:2, 1-36. doi:10.1145/3567595. Online publication date: 13-Mar-2023.
• (2023) Security Best Practices: A Critical Analysis Using IoT as a Case Study. ACM Transactions on Privacy and Security 26:2, 1-30. doi:10.1145/3563392. Online publication date: 13-Mar-2023.
• (2022) A Bayesian Framework for the Analysis and Optimal Mitigation of Cyber Threats to Cyber-Physical Systems. Risk Analysis 42:10, 2275-2290. doi:10.1111/risa.13900. Online publication date: Mar-2022.
• (2022) Designing effective masking strategies for cyberdefense through human experimentation and cognitive models. Computers & Security 117, 102671. doi:10.1016/j.cose.2022.102671. Online publication date: Jun-2022.
• (2022) A multi-objective cost-benefit optimization algorithm for network hardening. International Journal of Information Security 21:4, 813-832. doi:10.1007/s10207-022-00586-7. Online publication date: 1-Aug-2022.
• (2022) A Bi-Level Stochastic Model with Averse Risk and Hidden Information for Cyber-Network Interdiction. Proceedings of International Conference on Computing and Communication Networks, 523-538. doi:10.1007/978-981-19-0604-6_49. Online publication date: 9-Jul-2022.
• (2022) Human-Subject Experiments on Risk-Based Cyber Camouflage Games. Cyber Deception, 25-40. doi:10.1007/978-3-031-16613-6_2. Online publication date: 7-Oct-2022.
