Title :
Cost-aware network immunization framework for intrusion prevention
Author :
Keramati, Marjan ; Asgharian, Hassan ; Akbari, Ahmad
Author_Institution :
Comput. Eng. Dept., Iran Univ. of Sci. & Technol., Tehran, Iran
Abstract :
In this paper, a cost-aware framework for intrusion prevention is presented. The inputs of this framework are the attack graph of the specified network and its important assets (the attacker's targets). We define several graph-based security metrics and aggregate their effects to prioritize attack scenarios. The scenarios are ordered based on the attacker's knowledge, the attacker's endurance, the scenario's ease of exploitability, and the impact of the attack scenario. The impact and exploitability of each attack scenario are computed from the extracted CVSS values. Based on the output of the prioritizing algorithm, some of the most important scenarios are selected for elimination. A subset of the initial conditions and vulnerabilities of the selected scenarios is carefully chosen to harden the network at the lowest possible cost in terms of time and removal costs. To evaluate our framework, we also present a risk factor. This factor indicates the likelihood of the attack path, multiplied by its impact on the security factors (confidentiality, integrity and availability). The result of applying our framework to one well-known network example is presented to show its performance.
Keywords :
costing; data integrity; graph theory; security of data; CVSS; attack scenario prioritization; attackers endurance; attackers knowledge; availability factor; common vulnerability scoring system; confidentiality factor; cost-aware network immunization framework; graph based security metrics; integrity factor; intrusion prevention; network attack graph; network hardening; removal cost; risk factor; scenarios ease-of-exploitability; security factor; Availability; Complexity theory; Computational modeling; Computer networks; Measurement; Security; Sorting; attack graph; attack scenario; network hardening; network immunization; security metrics; vulnerability;
Conference_Title :
Computer Applications and Industrial Electronics (ICCAIE), 2011 IEEE International Conference on
Conference_Location :
Penang
Print_ISBN :
978-1-4577-2058-1
DOI :
10.1109/ICCAIE.2011.6162212