Title Risk Management Using Behavior Based Attack Graphs
Publication Type Conference Paper
Year of Publication 2004
Authors Dantu, R, Loper, K, Kolan, P
Conference Name Proceedings of the International Conference on Information Technology: Coding and Computing (ITCC'04) Volume 2 - Volume 2
Publisher IEEE Computer Society
Conference Location Washington, DC, USA
ISBN Number 0-7695-2108-8
Abstract

Security administration is an uphill task to implement in an enterprise network providing secured corporate services. With the slew of patches being released by Microsoft, HP and other vendors, system administrators require a barrage of tools for analyzing the risk due to these vulnerabilities. In addition to this, criticalities in patching some end hosts (e.g., in hospitals) raise serious security issues about the network to which the end hosts are connected. In this context, it would be imperative to know the risk level of all critical resources (e.g., an Oracle Server in the HR department), keeping in view the new vulnerabilities emerging every day. We hypothesize that the sequence of network actions by an attacker depends on the attacker's social behavior (e.g., skill level, tenacity, financial ability). By verifying our hypothesis on hacker email communications, we extended this methodology and calculated the risk level for a small network. Towards this goal, we formulated a mechanism to estimate the risk level of critical resources that may be compromised based on attacker behavior. This estimation is accomplished using behavior based attack graphs. These graphs represent all the possible attack paths to all the critical resources. Based on these graphs, we calculate the risk level of a critical resource using Bayesian methodology and periodically update the subjective beliefs about the occurrence of an attack. Such a calculated risk level would be a measure of the vulnerability of the resource, and it forms an effective basis for a system administrator to perform suitable changes to the network configuration. Thus suitable vulnerability analysis and risk management strategies can be formulated to efficiently curtail the risk from different types of attackers (script kiddies, hackers, criminals and insiders).

URL http://dl.acm.org/citation.cfm?id=977403.978389
