For intentions of the class “Reconnaissance” we have investigated only the influence
of the protection degree of the network firewall. Three values of this parameter were
used: 1 — “Strong” (the firewall can protect from 60-90% of implemented attacks); 2 —
“Medium” (the firewall can protect from 20-50% of attacks); 3 — “None” (the firewall
does not protect or is absent).
For intentions of the class “Implantation and threat realization” we have used the
following parameter values: (1) for the protection degree of (network or personal)
firewalls: 1 — “Strong” (the firewall can protect from 60-90% of attacks); 2 —
“None” (the firewall does not protect or is absent); (2) for the protection parameters
of the attacked host: 1 — “Strong” (60-90% of security parameters have secure values,
for example, a strong password, no shared files, printers or other resources,
no trusted hosts, etc.); 2 — “Weak” (security parameters are weak); (3) for
the degree of the hacker's knowledge about the network: 1 — “Good” (the hacker knows
50-80% of the information about the network); 2 — “Nothing” (the hacker knows nothing
about the network).
Attacks were simulated on various configurations of a computer network. In each
experiment, several realizations of attacks (runs) with identical initial data were
carried out, and the results obtained in each experiment were averaged.
To investigate the capabilities of the Attack Simulator, we have selected the following
attack realization outcome parameters: NS (Number of attack Steps) — the number of
terminal-level attack actions; PIR (Percentage of Intention Realization) — the percentage
of the hacker's intentions realized successfully (for “Reconnaissance” it is the
percentage of objects about which information has been received; for “Implantation and
threat realization” it is the percentage of successful realizations of the common attack
goal over all runs); PAR (Percentage of Attack Realization) — the percentage of “positive”
messages (responses) of the Network Agent to attack actions (the “positive” messages
are shown in the attack visualization window by green lines); PFB (Percentage
of Firewall Blocking) — the percentage of attack actions blocked by the firewall (red lines
in the attack visualization window); PRA (Percentage of Reply Absence) — the percentage of
“negative” messages (responses) of the Network Agent to attack actions (gray lines
in the attack visualization window).
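
The outcome parameters defined above, computed from per-run response logs and averaged over the runs of one experiment. This is an added example, not code from the Attack Simulator; the record layout, the response labels and the sample runs are constructed, and it assumes every attack action receives exactly one of the three responses.

```python
from collections import Counter
from statistics import mean

# Constructed sample data (not from the paper): one entry per run, listing the
# Network Agent's response to each terminal-level attack action.
RUNS = [
    {"responses": ["positive", "blocked", "positive", "no_reply"],
     "objects_found": 2, "goal_reached": False},
    {"responses": ["positive", "positive", "positive", "blocked",
                   "no_reply", "positive", "positive", "blocked"],
     "objects_found": 3, "goal_reached": True},
]
OBJECTS_TOTAL = 4  # assumed number of objects in the simulated network
LABELS = {"positive": "PAR", "blocked": "PFB", "no_reply": "PRA"}

def run_metrics(run, objects_total):
    """NS, PAR, PFB, PRA and the Reconnaissance-style PIR for a single run."""
    responses = run["responses"]
    unknown = set(responses) - set(LABELS)
    if unknown:
        raise ValueError(f"unknown response labels: {sorted(unknown)}")
    ns = len(responses)
    counts = Counter(responses)
    metrics = {"NS": ns}
    for label, name in LABELS.items():
        # A run with no attack actions contributes 0% to every response share.
        metrics[name] = 100.0 * counts[label] / ns if ns else 0.0
    metrics["PIR"] = 100.0 * run["objects_found"] / objects_total
    return metrics

def experiment_metrics(runs, objects_total):
    """Average the per-run metrics over all runs of one experiment."""
    per_run = [run_metrics(r, objects_total) for r in runs]
    return {name: mean(m[name] for m in per_run) for name in per_run[0]}

def pir_implantation(runs):
    """PIR for "Implantation and threat realization": share of runs reaching the goal."""
    return 100.0 * sum(r["goal_reached"] for r in runs) / len(runs)

if __name__ == "__main__":
    print(experiment_metrics(RUNS, OBJECTS_TOTAL))
    print(pir_implantation(RUNS))
```
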
Changes of the parameters PIR, PAR, PFB, and PRA for various network firewall
configurations during realization of the intention IS (“Identification of the host
Services”) are presented in Fig. 4.
Let us consider two dependences of the parameters PIR, PAR, PFB, and PRA on different
input parameter values during realization of the intention GAR (“Gaining Access to
Resources”). To construct these dependences, the following values were used as
x-coordinate parameters: 1 — both network and personal firewalls are active; 2 — only
the network firewall is active; 3 — only the personal firewall is active; 4 — neither
firewall is active. The parameter changes under maximal protection of the attacked host
(“Strong”) and maximal hacker's knowledge about the network (“Good”) are depicted
in Fig. 5. The parameter changes under minimal protection of the attacked host (“None”)
and maximal hacker's knowledge about the network (“Good”) are depicted in Fig. 6.
To check the efficacy of the Attack Simulator at the micro-level, network packets for
different classes of simple attacks were generated (for example, Port scanning,
“SYN flood” (SF), Password guessing, etc.).