As our review of related work shows, simulation- and model-based approaches to vulnerability assessment and security level evaluation have produced significant research results. [32] quantifies vulnerability by mapping known attack scenarios into attack trees. In [14] a system architecture injects intrusion events into a given network specification and then visualizes their effects as scenario graphs; using model checking, Bayesian analysis, and probabilistic analysis, it provides a multifaceted network view of a desired service. [17] suggests a game-theoretic method for analyzing the security of computer networks: the authors view the interaction between an attacker and the administrator as a two-player stochastic game and construct a model of the game. The approach offered in [34] performs penetration testing of formal models of networked systems in order to estimate security metrics. It consists of constructing formal state/transition models of the networked system; the authors then build randomly constructed paths through the state space of the model and estimate global security-related metrics as a function of the observed paths. [38] analyzes risks to specific network assets and examines the possible consequences of a successful attack. As input, the analysis system requires a database of common attacks, specific network configuration and topology information, and an attacker profile; using graph methods, it identifies the attack paths with the highest probability of success. [10] suggests global metrics which can be used to analyze and proactively manage the effects of complex network faults and attacks, and to recover accordingly.
At the exploitation stage of computer systems two main groups of methods can be used: passive (analyzing logs, configuration files, etc.) and active (based on penetration testing) [4, 21]. Many different security analysis system (SAS) components operate at the exploitation stage; examples are NetRecon, bv-Control for Internet Security (HackerShield), Retina, Internet Scanner, CyberCop Scanner, Nessus Security Scanner, etc. The main shortcomings of existing SAS are as follows: (1) using a scanner does not answer the central question for policy-based systems, namely whether what is revealed during scanning corresponds to the security policy; (2) the quality of the obtained result depends essentially on the size and adequacy of the vulnerability databases; (3) performing active vulnerability analysis on a computer system operating in its regular mode can cause failures in running applications, so not all systems can be tested by active vulnerability analysis; (4) existing network security tools (firewalls, filters, etc.) can substantially influence the results produced by scanners. Quite often the protection level evaluated from the vantage point where the scanner is located is wrongly taken as the protection level of the whole network against all types of threats.
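The two graph techniques summarized above, finding the attack path with the highest probability of success ([38]) and estimating a global metric from randomly constructed paths through the model's state space ([34]), and the vantage-point problem raised in shortcoming (4), can all be shown on one small attack graph. The following is an added example written for this page, not code from the paper or from the cited works. The network, the exploit steps and their success probabilities are constructed and hypothetical; the attacker model used by the random-path estimate (pick one available exploit uniformly at random, stop on the first failure) is a simplifying assumption of this example, and the attacker profile is reduced to the attacker's starting position.

```python
"""Attack-graph path analysis on a small constructed network.

Added example, not code from the paper or from the works it cites.
The hosts, exploits and success probabilities below are hypothetical;
they exist only to demonstrate the two graph techniques in the text.
"""
import heapq
import itertools
import math
import random

# A state is (host, privilege). Each edge is one exploit step with an
# assumed probability of success. Constructed data, not a real scan.
# The LAN start position sees a file server the internet position cannot.
ATTACK_GRAPH = {
    ("internet", "none"): [(("dmz-web", "user"), 0.6)],
    ("lan", "none"):      [(("dmz-web", "user"), 0.6),
                           (("file-srv", "user"), 0.5),
                           (("db", "user"), 0.3)],
    ("dmz-web", "user"):  [(("dmz-web", "root"), 0.7),
                           (("db", "user"), 0.4)],
    ("dmz-web", "root"):  [(("db", "user"), 0.5)],
    ("file-srv", "user"): [(("db", "user"), 0.8)],
    ("db", "user"):       [(("db", "root"), 0.5)],
    ("db", "root"):       [],
}


def most_likely_attack_path(graph, start, target):
    """Return (success_probability, path) for the attack path with the
    highest probability of success, assuming independent exploit steps so
    that a path's probability is the product of its edge probabilities.

    Maximising a product of probabilities equals minimising the sum of
    -log(p), so plain Dijkstra applies. An unreachable target gives (0.0, []).
    """
    counter = itertools.count()      # tie-breaker; the heap never compares paths
    best = {start: 0.0}
    heap = [(0.0, next(counter), start, [start])]
    while heap:
        cost, _, state, path = heapq.heappop(heap)
        if state == target:
            return math.exp(-cost), path
        if cost > best.get(state, math.inf):
            continue                 # stale heap entry
        for nxt, p in graph.get(state, []):
            if p <= 0.0:
                continue             # impossible step, never worth taking
            new_cost = cost - math.log(p)
            if new_cost < best.get(nxt, math.inf):
                best[nxt] = new_cost
                heapq.heappush(heap, (new_cost, next(counter), nxt, path + [nxt]))
    return 0.0, []


def estimate_compromise_rate(graph, start, target, trials=10000, seed=1, max_steps=50):
    """Monte Carlo estimate of how often an attacker starting at `start`
    reaches `target`, built from randomly constructed paths through the
    state space.

    Simplified attacker model (an assumption of this example): at each state
    the attacker picks one available exploit uniformly at random; it succeeds
    with the edge probability, otherwise the whole attempt ends. Returns the
    fraction of trials that reached `target`.
    """
    rng = random.Random(seed)
    reached = 0
    for _ in range(trials):
        state = start
        for _ in range(max_steps):   # bound guards against cyclic graphs
            edges = graph.get(state, [])
            if not edges:
                break                # dead end: nothing more to exploit
            nxt, p = rng.choice(edges)
            if rng.random() >= p:
                break                # exploit failed; attempt ends
            state = nxt
            if state == target:
                reached += 1
                break
    return reached / trials


if __name__ == "__main__":
    target = ("db", "root")
    for start in (("internet", "none"), ("lan", "none")):
        prob, path = most_likely_attack_path(ATTACK_GRAPH, start, target)
        rate = estimate_compromise_rate(ATTACK_GRAPH, start, target)
        print(f"from {start[0]}: best path p={prob:.2f} via "
              f"{' -> '.join(f'{h}/{priv}' for h, priv in path)}; "
              f"random-path compromise rate ~{rate:.3f}")
```

Running the block shows the vantage-point effect from shortcoming (4): from the internet the best path to root on the database host goes through the DMZ web server with probability 0.12, while from the LAN a path through the file server reaches the same target with probability 0.20 and the random-path compromise rate is correspondingly higher. A scanner placed outside the firewall would report the lower figure and miss the internal path entirely.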
3 The Architecture of the Security Analysis System
The architecture of the proposed security analysis system contains the following components (fig.1): (1) user interface; (2) module realizing the malefactor's (attacker's) model; (3) module generating the script set (attack scenarios); (4) scenario execution module; (5) data and knowledge repository; (6) module for updating the data and knowledge repository; (7) security level assessment module; (8) report generation module; (9) network interface.