Minimum-Cost Network Hardening
In defending a network against cyber attacks, certain vulnerabilities may seem acceptable risks when considered in isolation. An intruder, however, can often infiltrate a seemingly well-guarded network through a multi-step intrusion in which each step prepares for the next. Attack graphs reveal this threat by enumerating the sequences of exploits that lead to the compromise of given critical resources. Attack graphs do not, however, directly provide a solution for removing the threat, and finding one by hand is error-prone and tedious, particularly for larger and less secure networks whose attack graphs are overly complicated. In this chapter, we propose a method to automate the task of hardening a network against multi-step intrusions. More specifically, we first represent the given critical resources as a logic proposition over the initial conditions of the attack graph. We then simplify the proposition so that the hardening options become explicit. Among those options we finally choose the solutions with minimum cost.
Keywords: Goal Condition; Logic Proposition; Critical Resource; Disjunctive Normal Form; Forward Search
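Worked example (added here; this is not code from the chapter or its authors). It carries the three steps of the abstract through a small attack graph constructed for illustration: a goal condition is expressed as a logic proposition over initial conditions by backward search, the proposition is simplified to disjunctive normal form so that each conjunct is one family of attack paths and the hardening options (minimal sets of initial conditions whose removal falsifies every conjunct) become explicit, and the cheapest option is chosen. The hosts, exploit names, preconditions and costs are constructed; the cycle rule (a condition already on the current search path contributes nothing) and the exhaustive hitting-set search are this example's choices, not necessarily the chapter's. Note that only initial conditions are candidates for hardening, and that the attacker's own privilege user(0) is given no cost because it cannot be removed by the defender.

```python
from itertools import combinations, product

# Constructed three-host example (hosts 0, 1, 2; the attacker starts on host 0).
# Not taken from the chapter. Each exploit maps to (preconditions, postcondition).
# Conditions that no exploit produces are the initial conditions of the attack graph.
EXPLOITS = {
    "ftp_rhosts(0,1)": ({"ftp(0,1)", "user(0)"}, "trust(0,1)"),
    "rsh(0,1)":        ({"trust(0,1)", "user(0)"}, "user(1)"),
    "sshd_bof(0,1)":   ({"sshd(0,1)", "user(0)"}, "user(1)"),
    "ftp_rhosts(0,2)": ({"ftp(0,2)", "user(0)"}, "trust(0,2)"),
    "rsh(0,2)":        ({"trust(0,2)", "user(0)"}, "user(2)"),
    "ftp_rhosts(1,2)": ({"ftp(1,2)", "user(1)"}, "trust(1,2)"),
    "rsh(1,2)":        ({"trust(1,2)", "user(1)"}, "user(2)"),
    "local_bof(2)":    ({"user(2)"}, "root(2)"),
}
GOAL = "root(2)"

# Assumed hardening costs (constructed). Only initial conditions appear here; the
# attacker's own privilege user(0) is deliberately absent because it cannot be hardened.
COST = {"ftp(0,1)": 3, "ftp(0,2)": 2, "ftp(1,2)": 1, "sshd(0,1)": 4}


def initial_conditions(exploits):
    """Initial conditions: used as a precondition somewhere but produced by no exploit."""
    produced = {post for _, post in exploits.values()}
    used = set().union(*(pre for pre, _ in exploits.values()))
    return frozenset(used - produced)


def absorb(dnf):
    """Absorption: A or (A and B) == A, so drop any conjunct that is a proper superset of another."""
    return {c for c in dnf if not any(o < c for o in dnf)}


def goal_as_dnf(goal, exploits, initial=None, _path=frozenset()):
    """Steps 1 and 2: backward search from `goal`, returning it as a DNF over initial
    conditions. The result is a set of frozensets; each frozenset is one conjunction of
    initial conditions that suffices to reach the goal (one family of attack paths).
    A condition already on the current search path is treated as unreachable on that
    path, which breaks cycles (this example's rule; the chapter's may differ)."""
    if initial is None:
        initial = initial_conditions(exploits)
    if goal in initial:
        return {frozenset([goal])}
    if goal in _path:
        return set()
    path = _path | {goal}
    result = set()
    for pre, post in exploits.values():
        if post != goal:
            continue
        # The exploit fires when all its preconditions hold: the conjunction of their
        # DNFs is the cartesian product of their conjuncts, each combination unioned.
        parts = [goal_as_dnf(p, exploits, initial, path) for p in pre]
        for combo in product(*parts):
            result.add(frozenset().union(*combo))
    return absorb(result)


def hardening_options(dnf, hardenable):
    """Make the hardening options explicit: every minimal set H of hardenable initial
    conditions such that each conjunct of `dnf` loses at least one member when H is
    disabled, so every attack path is cut. Returns None if some path relies only on
    conditions that cannot be hardened. Exhaustive search; fine for small graphs."""
    clauses = [c & hardenable for c in dnf]
    if any(not c for c in clauses):
        return None
    candidates = sorted(set().union(*clauses))
    options = []
    for k in range(1, len(candidates) + 1):
        for h in combinations(candidates, k):
            hs = frozenset(h)
            if any(o <= hs for o in options):
                continue  # a smaller option already covers this set: not minimal
            if all(c & hs for c in clauses):
                options.append(hs)
    return options


def hardening_cost(option, cost):
    return sum(cost[c] for c in option)


def min_cost_hardening(options, cost):
    """Step 3: the cheapest of the explicit options."""
    return min(options, key=lambda h: hardening_cost(h, cost))


if __name__ == "__main__":
    dnf = goal_as_dnf(GOAL, EXPLOITS)
    print(GOAL, "=", " OR ".join("(" + " AND ".join(sorted(c)) + ")" for c in sorted(dnf, key=sorted)))
    options = hardening_options(dnf, frozenset(COST))
    for h in options:
        print("option:", sorted(h), "cost", hardening_cost(h, COST))
    best = min_cost_hardening(options, COST)
    print("minimum-cost hardening:", sorted(best), "cost", hardening_cost(best, COST))
```

On this graph the goal reduces to three conjuncts, all containing the unhardenable user(0): ftp(0,2); ftp(0,1) and ftp(1,2); sshd(0,1) and ftp(1,2). Two minimal options cut every path: disabling ftp(0,2) together with ftp(1,2), or ftp(0,2) together with both ftp(0,1) and sshd(0,1). With the assumed costs the first wins at cost 3. Disabling an intermediate condition such as user(1) is never offered, because the attacker can simply re-establish it through the exploits that produce it.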