DocumentCode
188178
Title
A Heuristic Method of Attack Graph Analysis for Network Security Hardening
Author
Zhao Chao ; Wang Huiqiang ; Guo Fangfang ; Zhou Mo ; Zhang Yushu
Author_Institution
Coll. of Comput. Sci. & Technol, Harbin Eng. Univ., Harbin, China
fYear
2014
fDate
13-15 Oct. 2014
Firstpage
43
Lastpage
47
Abstract
Traditional vulnerability scan tools cannot show the associations among vulnerabilities, and thus the security administrators have the difficulty to comprehensively understand the risks in networks according to the vulnerabilities sources. With the number of vulnerabilities growing rapidly, repairing all vulnerabilities costs much. In order to mitigate this problem, we propose a method using attack graph analysis, which provides network security hardening strategies in a cost effective way. For such a purpose, we construct attack graphs by software, and analyze the potential risks in networks by preprocessing them. Further, we calculate low-cost network security hardening strategies via modified ant-colony optimization. In case that the algorithm falls into local optima, a node-hidden mechanism with the highest selected probability is introduced. We have evaluated the performance of the proposed algorithm by simulations. The experimental results show that this method achieves scalability and significantly reduces cost of network security hardening strategies in an acceptable running time.
Keywords
ant colony optimisation; graph theory; security of data; attack graph analysis; heuristic method; modified ant colony optimization; network security hardening strategy; node-hidden mechanism; risk analysis; vulnerabilities source; vulnerability scan tools; Algorithm design and analysis; Communication networks; Computers; Educational institutions; Maintenance engineering; Optimization; Security; ant colony optimization; attack graph; network security hardening; vulnerability;
fLanguage
English
Publisher
ieee
Conference_Titel
Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC), 2014 International Conference on
Conference_Location
Shanghai
Print_ISBN
978-1-4799-6235-8
Type
conf
DOI
10.1109/CyberC.2014.18
Filename
6984279
Link To Document