Modeling modern network attacks and countermeasures using attack graphs
By accurately measuring risk for enterprise networks, attack graphs allow network defenders to understand the most critical threats and select the most effective countermeasures. This paper describes substantial enhancements to the NetSPA attack graph system required to model additional present-day...
| Main Authors: | , , , , |
|---|---|
| Other Authors: | |
| Format: | Article |
| Language: | en_US |
| Published: |
Institute of Electrical and Electronics Engineers
2010
|
| Subjects: | |
| Online Access: | http://hdl.handle.net/1721.1/59422 |
| _version_ | 1826201645046824960 |
|---|---|
| author | Ingols, Kyle W. Chu, Matthew D. Lippmann, Richard P. Webster, Seth R. Boyer, Stephen |
| author2 | Lincoln Laboratory |
| author_facet | Lincoln Laboratory Ingols, Kyle W. Chu, Matthew D. Lippmann, Richard P. Webster, Seth R. Boyer, Stephen |
| author_sort | Ingols, Kyle W. |
| collection | MIT |
| description | By accurately measuring risk for enterprise networks, attack graphs allow network defenders to understand the most critical threats and select the most effective countermeasures. This paper describes substantial enhancements to the NetSPA attack graph system required to model additional present-day threats (zero-day exploits and client-side attacks) and countermeasures (intrusion prevention systems, proxy firewalls, personal firewalls, and host-based vulnerability scans). Point-to-point reachability algorithms and structures were extensively redesigned to support "reverse" reachability computations and personal firewalls. Host-based vulnerability scans are imported and analyzed. Analysis of an operational network with 84 hosts demonstrates that client-side attacks pose a serious threat. Experiments on larger simulated networks demonstrated that NetSPA's previous excellent scaling is maintained. Less than two minutes are required to completely analyze a four-enclave simulated network with more than 40,000 hosts protected by personal firewalls. |
| first_indexed | 2024-09-23T11:54:35Z |
| format | Article |
| id | mit-1721.1/59422 |
| institution | Massachusetts Institute of Technology |
| language | en_US |
| last_indexed | 2024-09-23T11:54:35Z |
| publishDate | 2010 |
| publisher | Institute of Electrical and Electronics Engineers |
| record_format | dspace |
| spelling | mit-1721.1/594222022-09-27T22:46:24Z Modeling modern network attacks and countermeasures using attack graphs Ingols, Kyle W. Chu, Matthew D. Lippmann, Richard P. Webster, Seth R. Boyer, Stephen Lincoln Laboratory Ingols, Kyle W. Ingols, Kyle W. Chu, Matthew D. Lippmann, Richard P. Webster, Seth R. Boyer, Stephen network reachability network defense attack tree attack graph SCAP By accurately measuring risk for enterprise networks, attack graphs allow network defenders to understand the most critical threats and select the most effective countermeasures. This paper describes substantial enhancements to the NetSPA attack graph system required to model additional present-day threats (zero-day exploits and client-side attacks) and countermeasures (intrusion prevention systems, proxy firewalls, personal firewalls, and host-based vulnerability scans). Point-to-point reachability algorithms and structures were extensively redesigned to support "reverse" reachability computations and personal firewalls. Host-based vulnerability scans are imported and analyzed. Analysis of an operational network with 84 hosts demonstrates that client-side attacks pose a serious threat. Experiments on larger simulated networks demonstrated that NetSPA's previous excellent scaling is maintained. Less than two minutes are required to completely analyze a four-enclave simulated network with more than 40,000 hosts protected by personal firewalls. United States. Air Force (Contract FA8721-05-C-0002) 2010-10-20T14:49:03Z 2010-10-20T14:49:03Z 2010-02 2009-12 Article http://purl.org/eprint/type/ConferencePaper 978-0-7695-3919-5 1063-9527 INSPEC Accession Number: 11072835 http://hdl.handle.net/1721.1/59422 Ingols, K. et al. “Modeling Modern Network Attacks and Countermeasures Using Attack Graphs.” Computer Security Applications Conference, 2009. ACSAC '09. Annual. 2009. 117-126. ©2009 Institute of Electrical and Electronics Engineers. en_US http://dx.doi.org/10.1109/ACSAC.2009.21 Annual Computer Security Applications Conference, 2009. ACSAC '09 Article is made available in accordance with the publisher's policy and may be subject to US copyright law. Please refer to the publisher's site for terms of use. application/pdf Institute of Electrical and Electronics Engineers IEEE |
| spellingShingle | network reachability network defense attack tree attack graph SCAP Ingols, Kyle W. Chu, Matthew D. Lippmann, Richard P. Webster, Seth R. Boyer, Stephen Modeling modern network attacks and countermeasures using attack graphs |
| title | Modeling modern network attacks and countermeasures using attack graphs |
| title_full | Modeling modern network attacks and countermeasures using attack graphs |
| title_fullStr | Modeling modern network attacks and countermeasures using attack graphs |
| title_full_unstemmed | Modeling modern network attacks and countermeasures using attack graphs |
| title_short | Modeling modern network attacks and countermeasures using attack graphs |
| title_sort | modeling modern network attacks and countermeasures using attack graphs |
| topic | network reachability network defense attack tree attack graph SCAP |
| url | http://hdl.handle.net/1721.1/59422 |
| work_keys_str_mv | AT ingolskylew modelingmodernnetworkattacksandcountermeasuresusingattackgraphs AT chumatthewd modelingmodernnetworkattacksandcountermeasuresusingattackgraphs AT lippmannrichardp modelingmodernnetworkattacksandcountermeasuresusingattackgraphs AT webstersethr modelingmodernnetworkattacksandcountermeasuresusingattackgraphs AT boyerstephen modelingmodernnetworkattacksandcountermeasuresusingattackgraphs |