continuously. Moreover, it is important to carry out vulnerability assessment and security analysis during the whole life cycle of computer networks, including initial stages of analysis and design.
The paper is devoted to creating models, architectures and prototypes of intelligent components for vulnerability detection and security level estimation, which expand the functional capabilities of existing SAS based on penetration testing and simulation. The main attention is given to the design stage. We describe the architecture of the proposed security analysis system and the models implemented in it, including the models of attacks, of the analyzed computer network (estimating the attack results and the system's responses to attacks) and of security level assessment. The rest of the paper is structured as follows. Section 2 outlines the suggested approach and related work. Section 3 describes the architecture of the developed security analysis system and its implementation issues. Section 4 outlines the generalized attack model used for vulnerability assessment and security level estimation. Section 5 describes the model of the analyzed computer network. Section 6 presents the model of security level evaluation. Section 7 gives an overview of the case study used to check the suggested approach. Section 8 summarizes the main results and future research.
2 Related Work
In this paper we suggest an approach based on a mechanism for automatically constructing and replaying distributed attack scripts by combining known attack fragments, taking into account the various intentions and experience levels of malefactors. The attack results make it possible to calculate different security metrics, which can be used to define both the overall security level of the computer network (system) and the security levels of its components. This approach can be used at different stages of the computer network life cycle, including the design and exploitation stages.
At the design stage, SAS should operate with a model of the analyzed computer network generated from preliminary or detailed design specifications. The main approaches to vulnerability assessment and security analysis can be based on analytic calculation and imitation (simulation) experiments. Analytical approaches use, as a rule, different risk analysis methods [2, 11, 25, 28, 37, etc.]. Imitational approaches are based on modeling and simulation of network specifications, fault (attack) trees, graph models, etc. [9, 10, 11, 14, 17, 22, 32, 33, 34, 35, 38, etc.].
Many papers consider different techniques of attack modeling and simulation: Colored Petri Nets [16], the state transition analysis technique [12, 15], simulating intrusions in sequential and parallelized forms [5], a cause-effect model [6], conceptual models of computer penetration [36], descriptive models of the network and the attackers [40], structured "tree"-based description [7, 20], modeling survivability of networked systems [19], object-oriented discrete event simulation [3], a requires/provides model for computer attacks [39], situation calculus and goal-directed procedure invocation [8], using and building attack graphs for vulnerability analysis [13, 23, 29, 33, 38], etc.