Table 1. Some Relevant Works

| Essence of approach | Examples of works |
|---|---|
| Attacks and attack taxonomies | [8] |
| Using Colored Petri Nets | [12] |
| State transition analysis technique | [10] |
| Cause-effect model of attack realization | [2] |
| Conceptual models of computer penetration | [19] |
| Descriptive models of attacks | [23] |
| Structured “tree”-based description of attacks | [3], [15], [17] |
| Modeling survivability of networked systems | [14] |
| Object-oriented Discrete Event Simulation of attacks | [1] |
| Attack modeling as a set of capabilities that provide support for new attacks | [21] |
| Attack languages | [22] |
| Situation calculus to simulate intelligent, reactive attackers | [5] |
| Building and using attack graphs for vulnerability analysis | [16], [18], [20] |
| Intrusion detection systems evaluation | [4], [13] |

We developed a strict formal model and techniques for attack modeling based on
stochastic formal grammar and a state-machine-based specification of the malefactor's
intentions and scenarios of network attacks on the macro and micro levels. Our
approach applies the results of the reviewed relevant works, but develops its own
theoretical and practical ideas about stochastic formal grammar and multi-agent-based
attack modeling and agent-based simulation. The rest of the paper is structured as follows.
Section 2 presents the formal approach suggested for attack modeling and simulation.
Section 3 specifies the software tool “Attack Simulator” implementing the formal
approach developed. Section 4 outlines the experiments conducted with Attack
Simulator. Section 5 describes the paper results.
2 Formal Approach for Attack Modeling and Simulation
In the developed formal model of attacks, the basic notions of the security domain
correspond to malefactor's intentions and all other notions are structured according to
the structure of intentions [7]. The classes, numbers, designations and interpretations
of basic malefactor's intentions are considered in Table 2.
Table 2. List of Malefactor's Intentions

| Class | # | Designation | Interpretation |
|---|---|---|---|
| | 1 | IH | Identification of the running Hosts |
| | 2 | IS | Identification of the host Services |
| | 3 | IO | Identification of the host Operating system |
| | 4 | RE | Resource Enumeration |
| | 5 | UE | Users and groups Enumeration |
| | 6 | ABE | Applications and Banners Enumeration |
| | 7 | GAR | Gaining Access to Resources |
| | 8 | EP | Escalating Privilege |
| | 9 | CVR | Confidentiality Violation Realization or Confidentiality destruction |
| | 10 | IVR | Integrity Violation Realization or Integrity Destruction |
| | 11 | AVR | Availability Violation Realization or Denial of Service |
| | 12 | CBD | Creating Back Doors |