Ranking intrusion likelihoods with exploitability of network vulnerabilities in a large-scale attack model

Rattikorn Hewett, Phongphun Kijsanayothin

Research output: Contribution to journalArticle

1 Scopus citations

Abstract

Network vulnerabilities are common sources of many security threats. Attack models representing chains of all possible vulnerability exploits by attackers can help locate security flaws and pre-determine appropriate preventative measures. To realize the full benefits of attack models, effective analysis is crucial. However, due to the size and complexity of the models, manually pinpointing potential critical attacks can be daunting. Thus, there is a need for an automated analysis approach. Existing techniques are either based on network topology alone or subjective prior knowledge. They do not utilize domain-specific knowledge. This paper presents an approach to automatically ranking states in an attack model in the order of their intrusion likelihoods. Using the degree of exploitability of network vulnerabilities and the Markov property, the proposed approach provides a tractable computation enhanced by domain-specific heuristic knowledge for estimating such likelihoods. The paper discusses the details of the approach, illustrates its use, and compares results with a similar existing technique with experiments on its performance.

Original languageEnglish
Pages (from-to)383-394
Number of pages12
JournalInternational Journal of Network Security
Volume17
Issue number4
StatePublished - 2015

Keywords

  • Attack graphs
  • Network security
  • Network vulnerability
  • Ranking algorithm
  • Security models

Fingerprint Dive into the research topics of 'Ranking intrusion likelihoods with exploitability of network vulnerabilities in a large-scale attack model'. Together they form a unique fingerprint.

  • Cite this