Title :
Exploiting curse of diversity for improved network security
Author :
Ghanshyam S. Bopche; Babu M. Mehtre
Author_Institution :
Center for Information Assurance &
Abstract :
Higher species diversity in biological systems increases the robustness of the system against the spread of disease or infection. However, computers are remarkably less diverse. Such lack of diversity poses serious risks to today's homogeneous computer networks. An adversary learns from the initial compromises and then applies the learned knowledge to compromise subsequent systems with less effort and time. An exploit engineered to take advantage of a particular vulnerability could be leveraged on many other systems to multiply the effect of an attack. The existence of the same vulnerability on multiple systems in an enterprise network greatly benefits the adversary because she can gain incremental access to enterprise resources with relative ease. In this paper, we have proposed a metric to identify all the attack paths that are not fairly/truly diversified. Our goal is to identify all the attack paths in an enterprise network in which one or more vulnerabilities could be exploited more than once. Additionally, our goal is to identify those vulnerabilities and the affected software/services. Based on the proposed heuristics, identical and vulnerable services were identified and diversified with functionally equivalent alternatives in such a way that the adversary requires an independent effort (i.e., additional or new effort) to exploit each vulnerability along every attack path. We have presented a small case study to demonstrate the efficacy and applicability of the proposed metric and proposed an algorithm for diversifying attack paths to make the enterprise network more robust against 0-day attacks. Initial results show that our approach is capable of identifying identical and vulnerable software/applications/services that need to be diversified for increased network security.
Keywords :
"Measurement", "Software", "Security", "Robustness", "Communication networks", "Computers", "Computer networks"
Conference_Title :
Advances in Computing, Communications and Informatics (ICACCI), 2015 International Conference on
Print_ISBN :
978-1-4799-8790-0
DOI :
10.1109/ICACCI.2015.7275907