Title
An Adversary aware and intrusion detection aware attack model ranking scheme
Document Type
Journal Article
RIS ID
22555
Abstract
A successful computer system intrusion is often resulted froman attacker combining exploits of individual vulnerability. This can bemodelled by attack models and attack graphs to provide a global viewon system security against attackers goal. However, as the size and complexityof attack models and attack graphs usually greatly exceeds humanability to visualize, understand and analyze, a scheme is required to identifyimportant portions of attack models and attack graphs. Mehta et al.proposed to rank states of an attack model by the probability of an adversaryreaching a state by a sequence of exploiting individual vulnerabilitiesin a previous scheme. Important portions can hence be identifiedby ranks of states. However, Mehta et al.s ranking scheme is based on thePageRank algorithm whichmodels aweb surfing scenario, but has not consideredmuch on the dissimilarity between web surfing scenarios and computersystem intrusion scenarios. In this paper, we extend Mehta et al.sscheme by taking into consideration dissimilarity between web surfingscenarios and computer system intrusion scenarios. We experiment withthe same network model used in Mehta et al.s scheme and have the resultscompared. The experiments yielded promising results that demonstratedconsistent ranks amongst varying parameters modelled by ourranking scheme.
This record is in the process of being updated. Please contact us for more information.
Publication Details
Lu, L., Safavi-Naini, R., Horton, J. P. & Susilo, W. (2007). An Adversary aware and intrusion detection aware attack model ranking scheme. J. Katz & M. Yung In International Conference on Applied Cryptography and Network Security, 5-8 June, Zhuhai, China. 4521 65-86.