Computer security professionals and researchers are investigating proactive techniques for studying network-based attack behavior. Attack modeling is one of these research areas. In this dissertation, we address a novel attack modeling technique called an exploitation graph (e-graph) for representing attack scenarios. The key assumption in this research is that we can use exploitation graphs to represent attack scenarios, and methods involving e-graphs can be applied to provide vulnerability mitigation strategies. The modeling process consists of three primary steps. The first step is the creation of a knowledge base of vulnerability graphs (v-graphs) from known system vulnerabilities. Each v-graph shows necessary preconditions in order to make the vulnerability exploitable, and post-conditions that denote effects after a successful exploitation. A template is used to facilitate the definition of preconditions and post-conditions. The second step involves the association of multiple v-graphs to create an e-graph specific to a system being modeled. Network topology information and security policies (e.g., firewall rules) are encoded during the modeling process. A set of experiments were designed to test the modeling approach in a cluster computing environment consisting of one server node and eight internal computing nodes. Experimental results showed that e-graphs can be used to evaluate vulnerability mitigation solutions, e.g., identifying critical vulnerabilities and evaluating firewall policies. The third step of this process focuses on devising graph-simplification techniques for large e-graphs. Efficient graph-simplification techniques are described based on host and exploitation similarity. The most distinctive feature of these techniques is that, they help to simplify the most complex graph-generation process and do not require excessive memory storage. Experimental results showed that these techniques can not only reduce the size of e-graphs substantially, but also preserve most information needed for useful attack scenario analysis. The usefulness of the e-graph approach is shown in this dissertation. As a general approach for system administrators, the proposed techniques can be used in, but is not limited to, the cluster-computing environment in providing proactive Vulnerability Assessment (VA) strategies.
| Identifer | oai:union.ndltd.org:MSSTATE/oai:scholarsjunction.msstate.edu:td-1478 |
| Date | 10 December 2005 |
| Creators | Li, Wei |
| Publisher | Scholars Junction |
| Source Sets | Mississippi State University |
| Detected Language | English |
| Type | text |
| Format | application/pdf |
| Source | Theses and Dissertations |
Page generated in 0.002 seconds