Optimal security hardening on attack tree models of networks: a cost-benefit analysis

  • Rinku Dewri
  • Indrajit Ray
  • Nayot Poolsappasit
  • Darrell Whitley
Regular Contribution


Researchers have previously looked into the problem of determining whether a given set of security hardening measures can effectively make a networked system secure. However, system administrators are often faced with a more challenging problem since they have to work within a fixed budget which may be less than the minimum cost of system hardening. An attacker, on the other hand, explores alternative attack scenarios to inflict the maximum damage possible when the security controls are in place, very often rendering the optimality of the controls invalid. In this work, we develop a systematic approach to perform a cost-benefit analysis on the problem of optimal security hardening under such conditions. Using evolutionary paradigms such as multi-objective optimization and competitive co-evolution, we model the attacker-defender interaction as an “arms race”, and explore how security controls can be placed in a network to induce a maximum return on investment.


Security management Attack trees Multi-objective optimization Competitive co-evolution 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Ammann, P., Wijesekera, D., Kaushik, S.: Scalable, graph-based network vulnerability analysis. In: Proceedings of the 9th Conference on Computer and Communications Security, pp. 217–224 (2002)Google Scholar
  2. 2.
    Jha, S., Sheyner, O., Wing, J.M.: Two formal analysis of attack graphs. In: Proceedings of the 15th IEEE Computer Security Foundations Workshop, pp. 49–63 (2002)Google Scholar
  3. 3.
    Phillips, C., Swiler, L. P.: A graph-based system for network-vulnerability analysis. In: Proceedings of the 1998 New Security Paradigms Workshop, pp. 71–79 (1998)Google Scholar
  4. 4.
    Sheyner, O., Haines, J., Jha, S., Lippmann, R., Wing, J.M.: Automated generation and analysis of attack graphs. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 273–284 (2002)Google Scholar
  5. 5.
    Swiler, L., Phillips, C., Ellis, D., Chakerian, S.: Computer-attack graph generation tool. In: Proceedings of the DARPA Information Survivability Conference and Exposition II, pp. 307–321 (2001)Google Scholar
  6. 6.
    Dawkins, J., Campbell, C., Hale, J.: Modeling network attacks: extending the attack tree paradigm. In: Proceedings of the Workshop on Statistical Machine Learning Techniques in Computer Intrusion Detection. Johns Hopkins University (2002)Google Scholar
  7. 7.
    Moore, A.P., Ellison, R.J., Linger, R.C.: Attack modeling for information survivability. Technical Note CMU/SEI-2001-TN-001, Carnegie Melon University/Software Engineering Institute, March (2001)Google Scholar
  8. 8.
    Ray, I., Poolsappasit, N.: Using attack trees to identify malicious attacks from authorized insiders. In: Proceedings of the 10th European Symposium On Research In Computer Security, pp. 231–246 (2005)Google Scholar
  9. 9.
    Schneier B.: Attack Trees. Dr. Dobb’s J. 24(12), 21–29 (1999)Google Scholar
  10. 10.
    Noel, S., Jajodia, S., O’Berry, B., Jacobs, M.: Efficient minimum-cost network hardening via exploit dependency graphs. In: Proceedings of the 19th Annual Computer Security Applications Conference, pp. 86–95 (2003)Google Scholar
  11. 11.
    Dewri, R., Poolsappasit, N., Ray, I., Whitley, D.: Optimal security hardening using multi-objective optimization on attack tree models of networks. In: Proceedings of the 14th Conference on Computer and Communications Security, pp. 204–213 (2007)Google Scholar
  12. 12.
    Gupta M., Rees J., Chaturvedi A., Chi J.: Matching information security vulnerabilities to organizational security policies: a genetic algorithm approach. Decis. Supp. Syst. 41(3), 592–603 (2006)CrossRefGoogle Scholar
  13. 13.
    Bistarelli, S., Dall’Aglio, M., Perretti, P.: Strategic Games on Defense Trees. Formal Aspects in Security and Trust, pp. 1–15. Springer, Berlin (2006)Google Scholar
  14. 14.
    Syverson, P.F.: A different look at secure distributed computation. In: Proceedings of the 10th Computer Security Foundations Workshop, pp. 109–115 (1997)Google Scholar
  15. 15.
    Lye K., Wing J.M.: Game strategies in network security. Int. J. Inf. Secur. 4(1–2), 71–86 (2005)CrossRefGoogle Scholar
  16. 16.
    Sallhammar, K., Knapskog, S.J., Helvik, B.E.: Using stochastic game theory to compute the expected behavior of attackers. In: Proceedings of the 2005 Symposium on Applications and the Internet Workshops, pp. 102–105 (2005)Google Scholar
  17. 17.
    Sallhammar, K., Helvik, B.E., Knapskog, S.J.: Towards a stochastic model for integrated security and dependability evaluation. In: Proceedings of the First International Conference on Availability, Reliability and Security, pp. 156–165 (2006)Google Scholar
  18. 18.
    Liu P., Zang W., Yu M.: Incentive-based modeling and inference of attacker intent, objectives, and strategies. ACM Trans. Inf. Syst. Secur. 8(1), 78–118 (2005)CrossRefGoogle Scholar
  19. 19.
    Buldas A., Laud P., Priisalu J., Saarepera M., Willemson J.: Rational choice of security measures via multi-parameter attack trees. Crit. Inf. Infrastruct. Secur. 4347, 235–248 (2006)CrossRefGoogle Scholar
  20. 20.
    Zhang, Z., Nait-Abdesselam, F., Ho, P.: Boosting Markov Reward models for probabilistic security evaluation by characterizing behaviors of attacker and defender. In: Proceedings of the 3rd International Conference on Availability, Reliability and Security, pp. 352–359 (2008)Google Scholar
  21. 21.
    Jiang, W., Zhang, H., Tian, Z., Song, X.: A game theoretic method for decision and analysis of the optimal active defense strategy. In: Proceedings of the 2007 International Conference on Computational Intelligence and Security, pp. 819–823 (2007)Google Scholar
  22. 22.
    Coello Coello C.A.: An updated survey of GA-based multiobjective optimization techniques. ACM Comput. Surv. 32(2), 109–143 (2000)CrossRefGoogle Scholar
  23. 23.
    Deb K.: Multi-objective Optimization Using Evolutionary Algorithms. Wiley, New York (2001)zbMATHGoogle Scholar
  24. 24.
    Deb K., Pratap A., Agarwal S., Meyarivan T.: A fast and elitist multiobjective genetic algorithm: NSGA–II . IEEE Trans. Evolut. Comput. 6(2), 182–197 (2002)CrossRefGoogle Scholar
  25. 25.
    Axelrod, R.: Evolution of Strategies in the Iterated Prisoner’s Dilemma. Genetic Algorithms and Simulated Annealing, pp. 32–41. Morgan Kaufmann, Los Altos (1987)Google Scholar
  26. 26.
    Smith J.M.: Evolution and the Theory of Games. Cambridge University Press, Cambridge (1982)zbMATHGoogle Scholar
  27. 27.
    Rosin, C.D., Blew, R.K.: Methods for competitive co-evolution: finding opponents worth beating. In: Proceedings of the 6th International Conference on Genetic Algorithms, pp. 373–381 (1995)Google Scholar
  28. 28.
    Hillis, W.D.: Co-evolving parasites improve simulated evolution as an optimization procedure. Artificial Life II. Addison-Wesley, London (1991)Google Scholar
  29. 29.
    Bull, L.: Coevolutionary Computation: An Introduction. (1998)
  30. 30.
    Dawkins R.: The Blind Watchmaker. Norton & Company, Inc, New York (1986)Google Scholar
  31. 31.
    Rosin C.D., Blew R.K.: New methods for competitive coevolution. Evolut. Comput. 5(1), 1–29 (1997)CrossRefGoogle Scholar
  32. 32.
    Ficici, S.G., Pollack, J.B.: A game-theoretic memory mechanism for coevolution. In: Proceedings of the Genetic and Evolutionary Computation Conference, pp. 286–297 (2003)Google Scholar
  33. 33.
    Stanley, K.O., Miikkulainen, R.: The dominance tournament method of monitoring progress in coevolution. In: Proceedings of the Genetic and Evolutionary Computation Conference Workshop Program, pp. 242–248 (2002)Google Scholar
  34. 34.
    Stoneburner, G., Goguen, A., Feringa, A.: Risk management guide for information technology systems. NIST Special Publication, pp. 800–830 (2002)Google Scholar
  35. 35.
    Berger, B.: Data-centric Quantitative Computer Security Risk Assessment. Information Security Reading Room, SANS (2003)Google Scholar
  36. 36.
    Lee W.: Toward cost-sensitive modeling for intrusion detection and response. J. Comput. Secur. 10(1), 5–22 (2002)Google Scholar
  37. 37.
    Butler, S.A.: Security attribute evaluation method: a cost-benefit approach. In: Proceedings of the 24rd International Conference on Software Engineering, pp. 232–240 (2002)Google Scholar
  38. 38.
    Butler, S.A., Fischbeck, P.: Multi-attribute risk assessment. In: Proceedings of SREIS02 in conjunction with the 10th IEEE International Requirements Engineering Conference (2002)Google Scholar
  39. 39.
    Nash J.: Non-cooperative games. Ann. Math. 54(2), 286–295 (1950)MathSciNetCrossRefGoogle Scholar
  40. 40.
    Goldberg D.E.: Genetic Algorithms in Search, Optimization, and Machine Learning. Addison-Wesley, New York (1989)zbMATHGoogle Scholar
  41. 41.
    Alba E., Tomassini M.: Parallelism and evolutionary algorithms. IEEE Trans. Evolut. Comput. 6(5), 443–462 (2002)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag 2012

Authors and Affiliations

  • Rinku Dewri
    • 1
  • Indrajit Ray
    • 2
  • Nayot Poolsappasit
    • 3
  • Darrell Whitley
    • 2
  1. 1.Department of Computer ScienceUniversity of DenverDenverUSA
  2. 2.Department of Computer ScienceColorado State UniversityFort CollinsUSA
  3. 3.Department of Computer ScienceMissouri University of Science and TechnologyRollaUSA

Personalised recommendations