Cost-aware network immunization framework for intrusion prevention

In this paper, a cost-aware framework for intrusion prevention has been presented. The inputs of this framework are the attack graph of the specified network and also the important assets of it (target of attacker). We have defined some graph based security metrics and aggregated their effects for prioritizing attack scenarios. The scenarios are ordered based on the attacker´s knowledge, attacker´s endurance, and scenario´s ease of exploitability and also impact of the attack scenario. The impact and exploitability of each attack scenario have been computed based on the extracted CVSS values. Based on the output of the prioritizing algorithm, some of the most important scenarios are selected for elimination. A subset of the initial conditions and vulnerabilities of the selected scenarios is carefully chosen to harden the network with the lowest possible cost in terms of the time and also removal costs. For evaluating our framework, we have also presented a risk factor. This factor indicates the likelihood of the attack path which is multiplied by its impact on the security factors (confidentiality, integrity and availability). The result of applying our framework on one well-known network example has been presented for showing its performance.