|When:||Back to Calendar January 21, 2014 @ 11:00 am - 12:30 pm||Where:||Title: Scalable Security Modeling Techniques for Security Assessment
COSC Conference Room
|✔ Add to Calendar Add to Google Calendar|
Presenter: Dong-Seong Kim, University of Canterbury, New Zealand
How secure is your network? It is not easy to measure security. To assess the network security, attack and defense models (a.k.a., Attack Representation Model (ARM)) can be used. Purely graph based ARM (e.g., Attack Graph) has a state-space explosion problem. Moreover, the complex relationship between the host and the vulnerability information in attack models create difficulty in adjusting to changes in the network, which is impractical for modern dynamic network systems. Generating the ARM and evaluating the security suffer from a scalability problem when the size of the networked system is very large (e.g., 10,000 computer hosts in the network with a complex network topology).
In this talk, to deal with the above mentioned issues, we propose hierarchical attack representation models (HARM). The main idea is to separate the network topology information (in the upper level) from the vulnerability information of each host (in the lower level). We propose to use HARM in the different phases of lifecycle of the ARMs.
We compare HARMs with existing attack models, in particular attack graph, and compare their performance in the phase of construction and evaluation, respectively.
- We propose to use k-importance measures to generate a two-layer HARM, which can improve the scalability of an ARM model generation and security evaluation.
- We propose centrality based network security analysis by ranking important hosts based on network centrality measures, and vulnerabilities based on security metric values.
Finally, research revenues in security assessment will be briefly introduced.