Pareto-Optimal Adversarial Defense of Enterprise Systems

Published: 09 March 2015

Abstract

The National Vulnerability Database (NVD) maintained by the US National Institute of Standards and Technology provides valuable information about vulnerabilities in popular software, as well as any patches available to address these vulnerabilities. Most enterprise security managers today simply patch the most dangerous vulnerabilities, so an adversary can easily compromise an enterprise by using less important vulnerabilities to penetrate it. In this article, we capture the vulnerabilities in an enterprise as a Vulnerability Dependency Graph (VDG) and show that attack graphs can be expressed in them. We first ask the question: What set of vulnerabilities should an attacker exploit in order to maximize his expected impact? We show that this problem can be solved as an integer linear program. The defender would obviously like to minimize the impact of the worst-case attack mounted by the attacker, but the defender also has an obligation to ensure high productivity within his enterprise. We propose an algorithm that finds a Pareto-optimal solution for the defender that allows him to simultaneously maximize productivity and minimize the cost of patching products on the enterprise network. We have implemented this framework and show that the runtimes of our computations are all within acceptable time bounds even for large VDGs containing 30K edges, and that the balance between productivity and impact of attacks is also acceptable.
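To make the productivity-versus-impact trade-off concrete, here is an added Python example that is not the paper's code or formulation: it assumes a toy VDG in which a vulnerability becomes exploitable once any prerequisite is exploited, replaces the paper's ILP with plain reachability for the attacker's unbudgeted best response, and enumerates patch sets to recover the Pareto frontier. All vulnerability names, impacts and patch costs are constructed.

```python
from itertools import combinations

# Constructed toy VDG, an assumed simplified model, not the paper's formulation:
# vuln -> (product it lives in, impact if exploited, prerequisite vulns).
# No prerequisites = entry point; otherwise exploitable once any one is exploited.
VDG = {
    "v1": ("web", 2, set()),
    "v2": ("mail", 1, set()),
    "v3": ("db", 10, {"v1"}),
    "v4": ("db", 4, {"v2"}),
}
# Productivity lost by patching (taking down) a product; constructed values.
PATCH_COST = {"web": 3, "mail": 2, "db": 5}
BASE_PRODUCTIVITY = 10


def worst_case_impact(vdg, patched):
    """Attacker's best response to a patch set: exploit every reachable
    unpatched vulnerability (reachability fixpoint, unbudgeted case)."""
    exploited = set()
    changed = True
    while changed:
        changed = False
        for v, (product, _impact, prereqs) in vdg.items():
            if v in exploited or product in patched:
                continue
            if not prereqs or prereqs & exploited:
                exploited.add(v)
                changed = True
    return sum(vdg[v][1] for v in exploited)


def pareto_frontier(vdg, patch_cost, base_productivity):
    """Enumerate every patch set (fine for a handful of products) and keep the
    ones not strictly dominated: maximise productivity, minimise impact."""
    products = sorted(patch_cost)
    candidates = []
    for k in range(len(products) + 1):
        for patched in combinations(products, k):
            prod = base_productivity - sum(patch_cost[p] for p in patched)
            candidates.append((frozenset(patched), prod,
                               worst_case_impact(vdg, set(patched))))

    def dominated(prod, imp):
        return any(p2 >= prod and i2 <= imp and (p2 > prod or i2 < imp)
                   for _, p2, i2 in candidates)

    frontier = [c for c in candidates if not dominated(c[1], c[2])]
    return sorted(frontier, key=lambda c: -c[1])
```

In this constructed graph the highest-impact vulnerability sits in the database product, yet no Pareto-optimal patch set ever patches it, because removing the entry-point vulnerabilities already cuts off the path to it.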

Published in

ACM Transactions on Information and System Security, Volume 17, Issue 3
March 2015
124 pages
ISSN: 1094-9224
EISSN: 1557-7406
DOI: 10.1145/2744298
Editor: Gene Tsudik

Copyright © 2015 ACM

Publisher: Association for Computing Machinery, New York, NY, United States

Publication History

• Published: 9 March 2015
• Accepted: 1 October 2014
• Revised: 1 August 2014
• Received: 1 January 2014
Qualifiers

• research-article
• Research
• Refereed