Advertisement

Linear-Time Network Hardening

  • Lingyu Wang
  • Massimiliano Albanese
  • Sushil Jajodia
Chapter
Part of the SpringerBriefs in Computer Science book series (BRIEFSCOMPUTER)

Abstract

Attack graph analysis has been established as a powerful tool for analyzing network vulnerability. However, previous approaches to network hardening look for exact solutions and thus do not scale. Further, hardening elements have been treated independently, which is inappropriate for real environments. For example, the cost for patching many systems may be nearly the same as for patching a single one. Or patching a vulnerability may have the same effect as blocking traffic with a firewall, while blocking a port may deny legitimate service. By failing to account for such hardening interdependencies, the resulting recommendations can be unrealistic and far from optimal. Instead, we formalize the notion of hardening strategy in terms of allowable actions, and define a cost model that takes into account the impact of interdependent hardening actions. We also introduce a near-optimal approximation algorithm that scales linearly with the size of the graphs, which we validate experimentally.

Keywords

Target Condition Approximation Ratio Cost Model Disjunctive Normal Form Previous Chapter 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Reference

  1. 1.
    Steven Noel and Sushil Jajodia. Managing attack graph complexity through visual hierarchical aggregation. In Proceedings of the ACM CCS Workshop on Visualization and Data Mining for Computer Security (VizSEC/DMSEC 2004), pages 109–118, Fairfax, VA, USA, October 2004. ACM.Google Scholar

Copyright information

© The Author(s) 2014

Authors and Affiliations

  • Lingyu Wang
    • 1
  • Massimiliano Albanese
    • 2
  • Sushil Jajodia
    • 2
  1. 1.Concordia Institute for Information Systems Engineering (CIISE)Concordia UniversityMontrealCanada
  2. 2.Center for Secure Information SystemsGeorge Mason UniversityFairfaxUSA

Personalised recommendations