
Evaluating Network Security with Two-Layer Attack Graphs

Evaluating Network Security with Two-Layer Attack Graphs. Anming Xie, Zhuhua Cai, Cong Tang, Jianbin Hu, Zhong Chen. ACSAC (Dec., 2009). Outline. Introduction Related Work Model Examples Conclusion. Attack Graphs. Describe attack scenarios


Presentation Transcript


  1. Evaluating Network Security with Two-Layer Attack Graphs • Anming Xie, Zhuhua Cai, Cong Tang, Jianbin Hu, Zhong Chen • ACSAC (Dec., 2009)

  2. Outline • Introduction • Related Work • Model • Examples • Conclusion

  3. Attack Graphs • Describe attack scenarios • Play important roles in analyzing network vulnerabilities

  4. Problems • Although there are many previous works on attack graphs about evaluating network security, some problems still need to be addressed • Scalability • Several targets for overall security of networks • Inside malicious attackers’ attacks

  5. The Work of The Paper • Firstly, propose a new generation model • Generate two-layer attack graphs model to reduce computation costs • Then, propose a measurement methodology • Evaluate network security based on adjacency matrixes

  6. Network Security Metrics • Traditionally, focus on vulnerabilities as static values in different networks • However, ignore how they could be exploited by the attackers • An attack graph describes all the possible ways to break into a network, and reveals actual effect among vulnerabilities

  7. Outline • Introduction • Related Work • Model • Examples • Conclusion

  8. Related Works • Resulting attack graphs are sometimes too large to be computed • Lacks meaningful and efficient suggestions to evaluate network security

  9. Outline • Introduction • Related Work • Model • Examples • Conclusion

  10. A. Generation Model • Two assumptions • Preconditions on an exploit would never be changed from satisfied to unsatisfied • Attackers only need user access privileges at source host when exploiting vulnerabilities at target host

  11. A. Generation Model • The two-layer model • Lower layer • Describe all of the detailed attack scenarios between each host-pair • Set up host-pair attack graphs to describe attack sequences from one source host to one target host directly • Show how attackers obtain user or root access privileges at the target host • N * N host-pair attack graphs at most with N hosts

  12. A. Generation Model • The two-layer model • Upper layer • Set up host access attack graphs to show the direct access relationships among hosts • A node represents a host in networks, and a directed edge between two nodes represents the access relationship between the corresponding two hosts

  13. A. Generation Model • Generation of host-pair attack graphs • Just deal with host’s configurations, vulnerabilities, its network connection with source host • Be generated very quickly and the size is small

  14. A. Generation Model • Generation of hosts access attack graphs • Built on the results of the host-pair attack graphs • Add a directed edge to the corresponding nodes in hosts access graph • Edge’s label shows the corresponding privilege which could be obtained

  15. A. Generation Model

  16. B. Analysis on probability of success • Used in analysis of network security • Firstly • apply probability of success to each atomic exploit • Secondly • calculate the probabilities of obtaining user and root privileges successfully for each host-pair attack graph • Finally • change the edges’ label of the hosts access graph as (HPAGID, Puser, Proot)

  17. B. Analysis on probability of success

  18. C. Analysis on Adjacency Matrixes • In order to evaluate the overall network, composite these attack probabilities to a global measurement dynamically based on adjacency matrixes • A network with N nodes, draw a hosts access graph with N + 1 nodes • Use H1, H2, ..., Hn to indicate hosts in the target network, and use H0 to indicate an attacker’s host.

  19. C. Analysis on Adjacency Matrixes • Element uij indicates the probability of obtaining user privilege from host Hi to host Hj • C = F(A,B) • A, B, C are matrixes • F is defined as

  20. C. Analysis on Adjacency Matrixes • Define the power iterations of Function F • Stable matrix • User adjacency matrix U • maximum • Root adjacency matrix R • maximum
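The edge labels from slide 16 and the matrix iteration from slides 18 to 20, as an added example that is not code from the paper or the presentation. The formula for F did not survive in this transcript, so `compose` uses a max-product rule as an assumption; the edge values, HPAG identifiers and all function names are constructed for illustration.

```python
# Added example, not code from the paper. Edge values are constructed.
# Edge label format follows slide 16: (HPAGID, Puser, Proot).
# Node 0 is H0 (the attacker's host); nodes 1..3 are H1..H3.
EDGES = {
    (0, 1): ("HPAG-01", 0.8, 0.4),
    (1, 2): ("HPAG-12", 0.5, 0.5),
    (0, 2): ("HPAG-02", 0.1, 0.0),
    (2, 3): ("HPAG-23", 0.9, 0.6),
    (3, 1): ("HPAG-31", 0.7, 0.2),
}
N = 4  # N + 1 nodes for a target network of 3 hosts

def adjacency(edges, n, field):
    """Build an n x n matrix from edge labels; field 1 = Puser, 2 = Proot."""
    m = [[0.0] * n for _ in range(n)]
    for (i, j), label in edges.items():
        m[i][j] = label[field]
    return m

def compose(a, b):
    """Assumed stand-in for F: c[i][j] = max over k of a[i][k] * b[k][j]."""
    n = len(a)
    return [[max(a[i][k] * b[k][j] for k in range(n)) for j in range(n)]
            for i in range(n)]

def elementwise_max(a, b):
    return [[max(x, y) for x, y in zip(r1, r2)] for r1, r2 in zip(a, b)]

def stable_matrix(direct):
    """Power-iterate until no entry improves, keeping the per-entry maximum."""
    best, power = direct, direct
    while True:
        power = compose(power, direct)
        nxt = elementwise_max(best, power)
        if nxt == best:  # one more step changed nothing: matrix is stable
            return best
        best = nxt

def root_matrix(user_stable, root_direct):
    """Root on Hj: directly, or user on some Hk first (slide 10 assumption)."""
    return elementwise_max(root_direct, compose(user_stable, root_direct))

if __name__ == "__main__":
    U = stable_matrix(adjacency(EDGES, N, 1))
    R = root_matrix(U, adjacency(EDGES, N, 2))
    print("outside attacker, user:", [round(p, 3) for p in U[0]])
    print("outside attacker, root:", [round(p, 3) for p in R[0]])
```

Row 0 of each matrix is the outside attacker's view; rows 1 to 3 give the same figures for an attacker who starts on an inside host.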

  21. D. Network Security Measurement • Total prospective damage of whole network brought by this attacker in host Hi is • the set of important hosts in network is C, C ⊆ H • Dangerous Score • Indicate the security level of a network • use wk rather than duk and drk. For each host Hk in C, wk is its important factor, where 0 ≤ wk ≤ 1

  22. D. Network Security Measurement • Transition score, which evaluates the host’s action as a stepping stone when an outside attacker attacks the network

  23. Outline • Introduction • Related Work • Model • Examples • Conclusion

  24. A. Network Environment

  25. A. Network Environment

  26. B. Result Attack Graphs

  27. B. Result Attack Graphs

  28. C. Network Security Evaluation

  29. C. Network Security Evaluation

  30. C. Network Security Evaluation • Assume the set of important hosts in network is C = {F,D} • Obtain user privilege • Prospective damage du = {200, 2000} • Obtain root privilege • Prospective damage dr = {2000, 10000}

  31. C. Network Security Evaluation • Total prospective damage potentially caused by outside attackers • Total prospective damage potentially caused by inside attackers 1

  32. C. Network Security Evaluation • Set important factors wk for each host Hk in C • set w = {0.2, 1} • 0.2 for host F, 1 for host D • Dangerous Score • Transition Score

  33. Outline • Introduction • Related Work • Model • Examples • Conclusion

  34. Conclusion • A novel generation approach and a measurement methodology • Apply the probability of success to our attack graphs • Results not only describe the potential attack probabilities of success launched from an outside attacker, but also describe the potential attack probabilities launched from inside malicious users • Draw gray scale images to indicate the overall network security

  35. Q & A Thank you!
