Attack graph approach to dynamic network vulnerability analysis and countermeasures
File: Thaier Hamid received ... (PDF, 4.734 MB)
Description: PhD Thesis
Authors: Hamid, Thaier K.A.
Issue Date: 2014-03
Subjects: attack graph dynamic network; attack graphs; computer networking; Dynamic Vulnerability Scoring System; G490 Computing Science not elsewhere classified; network attacks; network vulnerability

Abstract
It is widely accepted that modern computer networks (often presented as a heterogeneous collection of functioning organisations, applications, software, and hardware) contain vulnerabilities. This research proposes a new methodology to compute a dynamic severity cost for each state. Here a state refers to the behaviour of a system during an attack; an example of a state is one where an attacker could influence the information on an application in order to alter credentials. This is performed by utilising a modified variant of the Common Vulnerability Scoring System (CVSS), referred to as the Dynamic Vulnerability Scoring System (DVSS). DVSS calculates scores for intrinsic, time-based, and ecological metrics by combining related sub-scores and modelling the problem's parameters in a mathematical framework to produce a single severity cost. The static nature of individual CVSS scores limits their value, so the author has adapted a novel model to produce a DVSS metric that is more precise and efficient. In this approach, the final scores are determined from a number of parameters including network architecture, device settings, and the impact of interactions between vulnerabilities. An attack graph (AG) is a security model representing the chains of vulnerability exploits in a network. A number of researchers have acknowledged the visual complexity of attack graphs and the limited in-depth understanding they afford. Current attack graph tools are constrained to a limited set of attributes or even rely on hand-generated input. Automatic generation of vulnerability information has been troublesome, and vulnerability descriptions are frequently created by hand or based on limited data. The network architectures and configurations, along with the interactions between the individual vulnerabilities, are considered when computing the cost using DVSS and a dynamic cost-centric framework.
A new methodology was developed to present an attack graph with a dynamic cost metric based on DVSS, and a novel methodology to estimate and represent the cost-centric approach for each host's states was also carried out. The framework is applied to a test network, using the Nessus scanner to detect known vulnerabilities, processing these results, and building and representing the dynamic cost-centric attack graph using ranking algorithms (following the approach of Mehta et al. 2006 and Kijsanayothin 2010). However, instead of using vulnerabilities for each host, a CostRank Markov Model has been developed utilising a novel cost-centric approach, thereby reducing the complexity of the attack graph and the problem of visibility. A parallel algorithm is developed to implement CostRank. The reason for developing a parallel CostRank algorithm is to expedite the state ranking calculations as the number of hosts and/or vulnerabilities grows. In the same way, the author intends to secure large-scale networks that require fast and reliable computing to calculate the ranking of enormous graphs with thousands of vertices (states) and millions of arcs (each representing an action that moves from one state to another). In this proposed approach, the focus is on a parallel CostRank computational architecture, used to appraise the improvement in CostRank calculations and the scalability of the algorithm. In particular, partitioning the input data, graph files and ranking vectors together with a load-balancing technique can enhance the performance and scalability of CostRank computations in parallel. A practical parallel CostRank implementation is evaluated, resulting in a substantial decrease in communication overhead and in iteration time. The results are presented analytically in terms of scalability, efficiency, memory usage, speed-up and input/output rates.
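The abstract describes CostRank as a Markov-model ranking of attack-graph states in the fashion of Mehta et al. 2006, but does not give the algorithm. The block below is an added illustration, not code from the thesis: it assumes CostRank resembles a PageRank-style power iteration in which the restart (teleport) vector is weighted by each state's severity cost, so that a state is ranked by both how reachable it is through exploit chains and how costly it is when reached. The state names, arcs and cost values are constructed for the example; a DVSS score would take the place of the hypothetical COSTS entries.

```python
"""Cost-weighted ranking of attack-graph states (constructed example).

Assumption: CostRank is modelled here as a PageRank-style Markov chain
whose restart vector is proportional to a per-state severity cost. This
is an illustration of the idea, not the thesis's own implementation.
"""
from typing import Dict, List, Tuple

# Constructed sample graph. A state is a (host, privilege) pair; an arc is
# an exploit step that moves an attacker from one state to another.
STATES: List[str] = ["web:user", "web:root", "db:user", "db:root", "fileserver:root"]
ARCS: List[Tuple[str, str]] = [
    ("web:user", "web:root"),
    ("web:user", "db:user"),
    ("web:root", "db:root"),
    ("web:root", "fileserver:root"),
    ("db:user", "db:root"),
    ("db:root", "fileserver:root"),
]
# Hypothetical severity costs on a 0-10 scale (stand-ins for DVSS scores).
COSTS: Dict[str, float] = {
    "web:user": 3.0,
    "web:root": 6.0,
    "db:user": 4.0,
    "db:root": 8.0,
    "fileserver:root": 9.0,
}


def cost_rank(states: List[str], arcs: List[Tuple[str, str]], costs: Dict[str, float],
              damping: float = 0.85, tol: float = 1e-9, max_iter: int = 1000) -> Dict[str, float]:
    """Power iteration for a cost-weighted PageRank over the state graph.

    The restart vector is each state's share of the total cost, so the
    chain restarts preferentially at high-severity states. Dangling states
    (no outgoing exploit) redistribute their mass by the same restart vector,
    which keeps the ranking vector summing to 1 on every iteration.
    """
    n = len(states)
    idx = {s: i for i, s in enumerate(states)}
    out: List[List[int]] = [[] for _ in range(n)]
    for src, dst in arcs:
        out[idx[src]].append(idx[dst])

    total_cost = sum(costs[s] for s in states)
    restart = [costs[s] / total_cost for s in states]
    rank = restart[:]

    for _ in range(max_iter):
        new = [(1.0 - damping) * r for r in restart]
        for i in range(n):
            if out[i]:
                share = damping * rank[i] / len(out[i])
                for j in out[i]:
                    new[j] += share
            else:
                # Dangling state: spread its mass according to the cost weights.
                for j in range(n):
                    new[j] += damping * rank[i] * restart[j]
        delta = sum(abs(a - b) for a, b in zip(new, rank))
        rank = new
        if delta < tol:
            break
    return dict(zip(states, rank))


def most_critical(ranks: Dict[str, float]) -> str:
    """Return the top-ranked state; this is the asset DCAT step (i) would protect first."""
    return max(ranks, key=ranks.get)


if __name__ == "__main__":
    ranking = cost_rank(STATES, ARCS, COSTS)
    for state, score in sorted(ranking.items(), key=lambda kv: -kv[1]):
        print(f"{state:16s} {score:.4f}")
    print("most critical:", most_critical(ranking))
```

With equal costs the ranking reduces to plain PageRank and the sink state reached by every exploit chain (fileserver:root) comes out on top; with unequal costs the restart vector pulls rank towards severe states even when they have few inbound arcs, which is the effect the cost-centric approach is after.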
Finally, a countermeasures model is developed to protect against network attacks using a Dynamic Countermeasures Attack Tree (DCAT). The DCAT tree is built as follows: (i) use the scalable parallel CostRank algorithm to determine the critical asset that system administrators need to protect; (ii) use the Nessus scanner to determine the vulnerabilities associated with that asset, scored with the dynamic cost-centric framework and DVSS; (iii) check all published mitigations for all of those vulnerabilities; (iv) assess how well each security solution mitigates those risks; (v) assess the DCAT algorithm in terms of effective security cost, probability and cost/benefit analysis to reduce the total impact of a specific vulnerability.

Citation: Hamid, T. (2014) 'Attack graph approach to dynamic network vulnerability analysis and countermeasures'. PhD thesis. University of Bedfordshire.
Publisher: University of Bedfordshire
Type: Thesis or dissertation
Language: en
Description: A thesis submitted to the University of Bedfordshire, in partial fulfilment of the requirements for the degree of Doctor of Philosophy