Title :
Capability-centric attack model for network security analysis
Author :
Song, Shunhong ; Lu, Yuliang ; Cheng, Weiwei ; Yuan, Huan
Author_Institution :
Dept. of Network Eng., Electron. Eng. Inst., Hefei, China
Abstract :
Most network attack models have the problem of lacking ablility to describe all types of attack patterns in deltail, with no consideration of attacker´s skill and policy. To address the problem, this paper proposes a well-structured model that abstracts the relation between attacker capability and victim vulnerability, the relation between knowledge, resource and capability of attacker. Both these two relations can be used to support automatic correlating of vulnerability exploits to build all the attack paths from the attacker to the target. The basic block of the model is a logical formula called capability, which is used to abstract consistently and precisely all levels of accesses obtained by the attacker in each step of a multistage attack. A flexible extensible language based on Pyke is developed to specify the model and derive inference rules to define logical relations between different capabilities, and a demonstration is given to show how it can be used in security applications such as vulnerability analysis and attack generation.
Keywords :
computer network security; logic programming; Pyke; capability; capability-centric attack model; flexible extensible language development; logical formula; multistage attack; network security analysis; vulnerability analysis; Analytical models; Computational modeling; Computers; Conferences; Knowledge engineering; Payloads; Security; attack model; capability; security analysis;
Conference_Titel :
Signal Processing Systems (ICSPS), 2010 2nd International Conference on
Conference_Location :
Dalian
Print_ISBN :
978-1-4244-6892-8
Electronic_ISBN :
978-1-4244-6893-5
DOI :
10.1109/ICSPS.2010.5555265
