Network Security Evaluation Method via Attack Graphs and Fuzzy Cognitive Maps

  • Aodah Diamah
  • Masoud Mohammadian
  • Bala M. Balachandran
Part of the Smart Innovation, Systems and Technologies book series (SIST, volume 16)

Abstract

When presented with an attack graph, network administrator may raise question on how to harden the network. To defend his network, network administrator should be supplied with list of all attack paths that can compromise the network. With this list, he can decide which paths are worth paying attention to and defending against. In the event of limited resources, network administrator may only be interested in certain critical paths which cause worst network attack. Attack graph alone is not always helpful on its own and needs additional work for this purpose. In this paper we present the use of a Fuzzy Cognitive Map which is converted from attack graph with genetic algorithm to find attack scenarios causing worst impact on network security. The identified scenarios can then help network administrator to mitigate risks associated with the attack scenarios and improve his network security.

Keywords

Network security attack graph FCM Genetic Algorithm 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Franqueira, V.N.L., Lopes, R.H.C., van Pascal, E.C.K.: Multi-step Attack Modelling and Simulation (MsAMS) Framework based on Mobile Ambients. In: The 2009 ACM Symposium on Applied Computing, pp. 66–73. ACM, New York (2009)CrossRefGoogle Scholar
  2. 2.
    Ritchey, R.W., Ammann, P.: Using Model Checking to Analyze Network Vulnerabilities. In: IEEE Security and Privacy Proceedings, Berkeley, CA, USA, pp. 156–165 (2000)Google Scholar
  3. 3.
    Liu, Z., Wang, C., Chen, S.: Correlating Multi-Step Attack and Constructing Attack Scenarios Based on Attack Pattern Modeling, pp. 214–219. IEEE Computer Society (2008)Google Scholar
  4. 4.
    Franqueira, V.N.L.: Finding Multi-Step Attacks in Computer Network using Heuristic Search and Mobile Ambient. s.l.: CTIT Ph.D. Thesis Series No. 09-154 (2009)Google Scholar
  5. 5.
    Danforth, M.: Models for Threat Assessment in Networks, PhD Thesis. University of California-Davis, Computer Science Department (2006)Google Scholar
  6. 6.
    Danforth, M.: Scalable Patch Management using Evolutionary Analysis of Attack Graphs. In: Seventh International Conference on Machine Learning and Applications. IEEE Computer Society (2008)Google Scholar
  7. 7.
    Noel, S., et al.: Efficient Minimum-Cost Hardening via Exploit Dependency Graphs. In: IEEE 19th Annual Computer Security Applications Conference, pp. 86–95 (2003)Google Scholar
  8. 8.
    Lippmann, R.P., Ingols, K.W.: An Annotated Review of Past Papers on Attack Graphs. MIT Lincoln Laboratory (2005)Google Scholar
  9. 9.
    Oleg, S., et al.: Automated Generation and Analysis of Attack Graph. In: 2002 IEEE Symposium on Security and Privacy. IEEE (2002)Google Scholar
  10. 10.
    Kosko, B.: Fuzzy Cognitive Maps. International Journal of Man-Machine Studies, 65–75 (1986)Google Scholar
  11. 11.
    Ross, T.J.: Fuzzy Logic with Engineering Applications. John Wiley and Sons (2010)Google Scholar
  12. 12.
    Andreou, A.S., Mateou, N.H.: Soft Computing for Crisis Management and Political Decision Making: The use of Genetically Evolved Fuzzy Cognitive Maps. Soft Computing 9, 194–210 (2004)CrossRefGoogle Scholar
  13. 13.
    Mohammadian, M.: Intelligent Risk Identification and Analysis in IT Network Systems. In: Iliadis, L., Maglogiannis, I., Papadopoulos, H. (eds.) Artificial Intelligence Applications and Innovations. IFIP AICT, vol. 364, pp. 370–377. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  14. 14.
    Gupta, S., Winstead, J.: Using Attack Graph to Design Systems. IEEE Security and Privacy, 80–83 (2007)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Aodah Diamah
    • 1
  • Masoud Mohammadian
    • 1
  • Bala M. Balachandran
    • 1
  1. 1.Faculty of Information Sciences and EngineeringUniversity of CanberraCanberraAustralia

Personalised recommendations