• DocumentCode
    231297
  • Title

    Using Network Tainting to Bound the Scope of Network Ingress Attacks

  • Author

    Mell, Peter ; Harang, Richard E.

  • Author_Institution
    Nat. Inst. of Stand. & Technol., Gaithersburg, MD, USA
  • fYear
    2014
  • fDate
    June 30 2014-July 2 2014
  • Firstpage
    206
  • Lastpage
    215
  • Abstract
    This research describes a novel security metric, network taint, which is related to software taint analysis. We use it here to bound the possible malicious influence of a known compromised node through monitoring and evaluating network flows. The result is a dynamically changing defense-in-depth map that shows threat level indicators gleaned from monotonically decreasing threat chains. We augment this analysis with concepts from the complex networks research area in forming dynamically changing security perimeters and measuring the cardinality of the set of threatened nodes within them. In providing this, we hope to advance network incident response activities by providing a rapid automated initial triage service that can guide and prioritize investigative activities.
  • Keywords
    network theory (graphs); security of data; defense-in-depth map; network flow evaluation; network flow monitoring; network incident response activities; network ingress attacks; network tainting metric; security metric; security perimeters; software taint analysis; threat level indicators; Algorithm design and analysis; Complex networks; Digital signal processing; Measurement; Monitoring; Security; Software; complex networks; network tainting; scale-free; security
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Software Security and Reliability (SERE), 2014 Eighth International Conference on
  • Conference_Location
    San Francisco, CA
  • Print_ISBN
    978-1-4799-4296-1
  • Type

    conf

  • DOI
    10.1109/SERE.2014.34
  • Filename
    6895431