Modeling modern network attacks and countermeasures using attack graphs

Author(s)

Ingols, Kyle W.; Chu, Matthew D.; Lippmann, Richard P.; Webster, Seth R.; Boyer, Stephen

Abstract

By accurately measuring risk for enterprise networks, attack graphs allow network defenders to understand the most critical threats and select the most effective countermeasures. This paper describes substantial enhancements to the NetSPA attack graph system required to model additional present-day threats (zero-day exploits and client-side attacks) and countermeasures (intrusion prevention systems, proxy firewalls, personal firewalls, and host-based vulnerability scans). Point-to-point reachability algorithms and structures were extensively redesigned to support "reverse" reachability computations and personal firewalls. Host-based vulnerability scans are imported and analyzed. Analysis of an operational network with 84 hosts demonstrates that client-side attacks pose a serious threat. Experiments on larger simulated networks demonstrated that NetSPA's previous excellent scaling is maintained. Less than two minutes are required to completely analyze a four-enclave simulated network with more than 40,000 hosts protected by personal firewalls.

Date issued

2010-02

URI

http://hdl.handle.net/1721.1/59422

Department

Lincoln Laboratory

Journal

Annual Computer Security Applications Conference, 2009. ACSAC '09

Publisher

Institute of Electrical and Electronics Engineers

Citation

Ingols, K. et al. “Modeling Modern Network Attacks and Countermeasures Using Attack Graphs.” Computer Security Applications Conference, 2009. ACSAC '09. Annual. 2009. 117-126. ©2009 Institute of Electrical and Electronics Engineers.

Version: Final published version

Other identifiers

INSPEC Accession Number: 11072835

ISBN

978-0-7695-3919-5

ISSN

1063-9527

Keywords

network reachability, network defense, attack tree, attack graph, SCAP