Network Security Evaluation Method via Attack Graphs and Fuzzy Cognitive Maps
When presented with an attack graph, network administrator may raise question on how to harden the network. To defend his network, network administrator should be supplied with list of all attack paths that can compromise the network. With this list, he can decide which paths are worth paying attention to and defending against. In the event of limited resources, network administrator may only be interested in certain critical paths which cause worst network attack. Attack graph alone is not always helpful on its own and needs additional work for this purpose. In this paper we present the use of a Fuzzy Cognitive Map which is converted from attack graph with genetic algorithm to find attack scenarios causing worst impact on network security. The identified scenarios can then help network administrator to mitigate risks associated with the attack scenarios and improve his network security.
KeywordsNetwork security attack graph FCM Genetic Algorithm
Unable to display preview. Download preview PDF.
- 2.Ritchey, R.W., Ammann, P.: Using Model Checking to Analyze Network Vulnerabilities. In: IEEE Security and Privacy Proceedings, Berkeley, CA, USA, pp. 156–165 (2000)Google Scholar
- 3.Liu, Z., Wang, C., Chen, S.: Correlating Multi-Step Attack and Constructing Attack Scenarios Based on Attack Pattern Modeling, pp. 214–219. IEEE Computer Society (2008)Google Scholar
- 4.Franqueira, V.N.L.: Finding Multi-Step Attacks in Computer Network using Heuristic Search and Mobile Ambient. s.l.: CTIT Ph.D. Thesis Series No. 09-154 (2009)Google Scholar
- 5.Danforth, M.: Models for Threat Assessment in Networks, PhD Thesis. University of California-Davis, Computer Science Department (2006)Google Scholar
- 6.Danforth, M.: Scalable Patch Management using Evolutionary Analysis of Attack Graphs. In: Seventh International Conference on Machine Learning and Applications. IEEE Computer Society (2008)Google Scholar
- 7.Noel, S., et al.: Efficient Minimum-Cost Hardening via Exploit Dependency Graphs. In: IEEE 19th Annual Computer Security Applications Conference, pp. 86–95 (2003)Google Scholar
- 8.Lippmann, R.P., Ingols, K.W.: An Annotated Review of Past Papers on Attack Graphs. MIT Lincoln Laboratory (2005)Google Scholar
- 9.Oleg, S., et al.: Automated Generation and Analysis of Attack Graph. In: 2002 IEEE Symposium on Security and Privacy. IEEE (2002)Google Scholar
- 10.Kosko, B.: Fuzzy Cognitive Maps. International Journal of Man-Machine Studies, 65–75 (1986)Google Scholar
- 11.Ross, T.J.: Fuzzy Logic with Engineering Applications. John Wiley and Sons (2010)Google Scholar
- 14.Gupta, S., Winstead, J.: Using Attack Graph to Design Systems. IEEE Security and Privacy, 80–83 (2007)Google Scholar