NetQi: A Model Checker for Anticipation Game
NetQi is a freely available model-checker designed to analyze network incidents such as intrusion. This tool is an implementation of the anticipation game framework, a variant of timed game tailored for network analysis. The main purpose of NetQi is to find, given a network initial state and a set of rules, the best strategy that fulfills player objectives by model-checking the anticipation game and comparing the outcome of each play that fulfills strategy constraints. For instance, it can be used to find the best patching strategy. NetQi has been successfully used to analyze service failure due to hardware, network intrusion, worms and multiple-site intrusion defense cooperation.
KeywordsPlayer Action Security Expert Attack Graph Player Objective Strategy Objective
Unable to display preview. Download preview PDF.
- 2.Bursztein, E.: Netqi, http://www.netqi.org
- 3.Bursztein, E.: Network administrator and intruder strategies. Technical Report LSV-08-02, LSV, ENS Cachan (January 2008)Google Scholar
- 4.Bursztein, E., Goubault-Larrecq, J.: A logical framework for evaluating network resilience against faults and attacks. In: 12th annual Asian Computing Science Conference (ASIAN), December 2007, pp. 212–227. Springer, Heidelberg (2007)Google Scholar
- 6.Ramakrishan, C., Sekar, R.: Model-based analysis of configuration vulnerabilities. Journal of Computer Security 1, 198–209 (2002)Google Scholar
- 8.Sheyner, O., Haines, J., Jha, S., Lippmann, R., Wing, J.M.: Automated generation and analysis of attack graphs. In: SP 2002: Proceedings of the 2002 IEEE Symposium on Security and Privacy, Washington, DC, USA, pp. 273–284. IEEE Computer Society Press, Los Alamitos (2002)Google Scholar