Abstracted Model Generator (AMG): Another Perspective Of Mitigating Scalability Issues
Su Zhang
Computing and Information Science
Kansas State University
Final Project Presentation for CIS 890 2
Background
Two ways of presenting (potential) network security issues:
• Attack graph.
• Quantitative value
  ○ Probability that some “asset” (hosts, servers, workstations, etc.) is compromised.
  ○ Loss expectation (usually in monetary terms).
12/7/2010
Attack Graphs
• State enumeration
  Carnegie Mellon University (Oleg Sheyner, et al. 2002)
  ○ Extremely poor scalability (exponential).
• Logical dependency graphs
  MIT Lincoln Lab Attack Graphs (MIT-LL-AG) (Lippmann et al. 2005; Lippmann et al. 2006)
  ○ Uncertain for large-scale networks. [6]
  George Mason University (Ammann, Wijesekera, & Kaushik 2002; Jajodia, Noel, & O’Berry 2003)
  ○ Poor scalability (O(N^6)). [6]
  Kansas State University Attack Graph (KSU-AG) (Xinming Ou, et al. 2006)
  ○ Fastest so far (between O(N^2) and O(N^3)). [6]
Quantitative Risk Assessment
• Lingyu Wang, et al. (GMU): not scalable (Bayesian network).
• Teodor Sommestad, et al. (Royal Institute of Technology (KTH)): not scalable (Bayesian network).
• John Homer and Xinming Ou (KSU): d-separate set (faster than the other two, but still not fast enough).
Current Limitations
• Accuracy
  Database limitation.
  ○ Vendors don’t publish vulnerability information until it gets patched.
  ○ Centralized databases (e.g. NVD and OSVDB) have lots of errors and are maintained inconsistently.
• Scalability
  Analysis can’t be finished fast enough for quantitative risk assessment of large-scale networks.
How to Mitigate the Scalability Issue? – Network Abstraction
• Downscale enterprise-size networks into small ones.
• Easier for SAs (system administrators) to do some basic analysis.
• Provide trimmed input for analyzers to mitigate the scalability issues.
  ○ Attack-graph analyzer.
  ○ Quantitative risk assessment analyzer.
Network Abstraction Steps
• Reachability-based grouping
  ○ Group all unfiltered nodes (those without inter-subnet connections) into one.
  ○ Group all filtered nodes having the same inter-subnet reachability (the same inbound and outbound connections).
• Configuration-based breakdown
  ○ Further break down both unfiltered and filtered nodes based on their configurations.
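As an added illustration of the two abstraction steps above (example code written for this transcript, not AMG's own implementation), the following Python collapses a constructed toy network: hosts with no inter-subnet connections are merged per subnet, filtered hosts sharing identical inbound and outbound inter-subnet reachability are merged, and every resulting group is then split by configuration. The host names, port numbers, the dict layout and the choice of (peer, port) pairs as the reachability signature are assumptions of this example.

```python
from collections import defaultdict

# Constructed toy network, loosely modelled on a three-subnet enterprise.
# The dict layout, host names and ports are assumptions of this example,
# not AMG's real input format.
HOSTS = {
    # host: (subnet, configuration)
    "fs1": ("fileservers", "linux"),
    "fs2": ("fileservers", "linux"),
    "fs3": ("fileservers", "windows"),
    "ws1": ("workstations", "windows"),
    "ws2": ("workstations", "windows"),
    "ws3": ("workstations", "linux"),
    "u1": ("users", "windows"),
    "u2": ("users", "windows"),
    "u3": ("users", "linux"),
    "u4": ("users", "windows"),
    "u5": ("users", "windows"),
    "u6": ("users", "windows"),
}

# Allowed connections that cross a subnet boundary: (src, dst, dst_port).
# "internet" is an external endpoint, not a host in HOSTS.
INTER_SUBNET_EDGES = [
    ("internet", "ws1", 22), ("internet", "ws2", 22), ("internet", "ws3", 22),
    ("ws1", "fs1", 445), ("ws2", "fs1", 445), ("ws3", "fs1", 445),
    ("u1", "fs1", 445), ("u2", "fs1", 445), ("u6", "fs1", 445),
    ("u1", "fs2", 445),
]


def reachability_signature(host, edges):
    """Inbound and outbound inter-subnet reachability of one host.

    Two hosts with equal signatures are indistinguishable to an analyzer
    that only reasons about which peers can reach which ports across subnets.
    """
    inbound = frozenset((src, port) for src, dst, port in edges if dst == host)
    outbound = frozenset((dst, port) for src, dst, port in edges if src == host)
    return inbound, outbound


def abstract_network(hosts, edges):
    """Collapse hosts into abstract nodes following the deck's two steps.

    Returns a list of dicts sorted by node id; each records the subnet,
    whether its members are 'filtered' (have inter-subnet connections) or
    'unfiltered', their shared configuration and the member hosts.
    """
    # Step 1: reachability-based grouping, done per subnet.
    groups = defaultdict(list)
    for host, (subnet, _cfg) in hosts.items():
        sig = reachability_signature(host, edges)
        if sig == (frozenset(), frozenset()):
            # Unfiltered: no inter-subnet connections -> one group per subnet.
            groups[(subnet, "unfiltered", None)].append(host)
        else:
            # Filtered: grouped with hosts having identical in/out reachability.
            groups[(subnet, "filtered", sig)].append(host)

    # Step 2: configuration-based breakdown of every group.
    nodes = []
    for (subnet, kind, _sig), members in groups.items():
        by_cfg = defaultdict(list)
        for host in members:
            by_cfg[hosts[host][1]].append(host)
        for cfg, hs in by_cfg.items():
            members_sorted = sorted(hs)
            nodes.append({"id": "+".join(members_sorted), "subnet": subnet,
                          "kind": kind, "config": cfg, "members": members_sorted})
    return sorted(nodes, key=lambda n: n["id"])


def abstract_edges(hosts, edges, nodes):
    """Rewrite host-level edges onto the abstract nodes, dropping duplicates.

    This is the trimmed reachability input an attack-graph or risk analyzer
    would consume instead of the full host-level edge list.
    """
    node_of = {m: n["id"] for n in nodes for m in n["members"]}
    # External endpoints such as "internet" are not hosts and keep their name.
    return sorted({(node_of.get(s, s), node_of.get(d, d), p) for s, d, p in edges})


if __name__ == "__main__":
    nodes = abstract_network(HOSTS, INTER_SUBNET_EDGES)
    for n in nodes:
        print(f"{n['subnet']:13} {n['kind']:10} {n['config']:8} {n['id']}")
    print(len(HOSTS), "hosts ->", len(nodes), "abstract nodes")
    aedges = abstract_edges(HOSTS, INTER_SUBNET_EDGES, nodes)
    print(len(INTER_SUBNET_EDGES), "edges ->", len(aedges), "abstract edges")
```

On this input the 12 hosts collapse to 9 abstract nodes and the 10 edges to 7: ws1 and ws2 share reachability and configuration, so they merge, while ws3 shares their reachability but is split off again by the configuration step. One check that matters in practice: merging is only sound if the reachability data fed in is complete, since two hosts that look identical on an incomplete reachability matrix may not be interchangeable from an attacker's point of view.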
Network Abstraction – Beginning Stage
[Figure: a single subnet (“In subnet”) connected to the Internet; hosts not yet classified.]
Network Abstraction – Identifying the Reachability Information
[Figure: the subnet’s hosts split into Unfiltered and Filtered, with the Internet outside.]
Unfiltered: hosts without inter-subnet connections.
Filtered: hosts with inter-subnet connections; different colors indicate different inter-subnet reachabilities.
Network Abstraction – Merging Unfiltered Nodes into One
[Figure: the unfiltered hosts of the subnet merged into one node; filtered hosts and the Internet unchanged.]
Unfiltered: hosts without inter-subnet connections.
Filtered: hosts with inter-subnet connections; different colors indicate different reachabilities.
Reachability-based Grouping
[Figure: unfiltered hosts merged into one node; filtered hosts of the same color merged, with the Internet outside.]
Unfiltered: hosts without inter-subnet connections.
Filtered: hosts with inter-subnet connections; different colors indicate different reachabilities. Same-colored nodes are merged.
Configuration-based Breakdown
[Figure: the merged unfiltered node further broken down by configuration; filtered nodes and the Internet outside.]
Unfiltered: hosts without inter-subnet connections.
Filtered: hosts with inter-subnet connections; different colors indicate different configurations.
Case Study – Configuration
• 3 subnets: file servers, workstations and normal user desktops (say subnet1).
• 10 hosts per subnet, divided between two types of configuration (Windows and Linux).
• 2 vulnerabilities on each host. The type of vulnerability could be local, remote server or remote client, based on CVSS vectors in the National Vulnerability Database (NVD).
Case Study – Topology
[Figure: coarse topology. Subnet1 (Normal Users), File Servers and Work Stations, with the Internet (many attackers) outside.]
Configuration note: different types of computer in each subnet suggest different configurations.
Case Study – Original Attack Graph (41K)
[Figure: attack graph of the original model.]
Case Study – Attack Graph (27K)
[Figure: attack graph.]
Quantitative Results Comparison
• This part is to be done soon.
• Comparing the results from the original model and the abstracted model is meaningful: if the two values are close enough, then we can conclude that our ANM is useful.
Conclusions
• AMG can provide SAs a clearer overview of the entire network.
• AMG will help SAs get smaller-sized attack graphs and hence reduce their workload.
• AMG can mitigate the scalability issue for quantitative risk assessment.
References
[1] Automated generation and analysis of attack graphs. Oleg Sheyner, Joshua Haines, Somesh Jha, Richard Lippmann, and Jeannette M. Wing. In Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, May 2002.
[2] Evaluating and strengthening enterprise network security using attack graphs. R.P. Lippmann, K.W. Ingols, C. Scott, K. Piwowarski, K.J. Kratkiewicz, M. Artz, and R.K. Cunningham. Technical Report, MIT Lincoln Laboratory, October 2005.
[3] Practical attack graph generation for network defense. Kyle Ingols, Richard Lippmann, and Keith Piwowarski. In Annual Computer Security Applications Conference (ACSAC), 2006.
[4] Minimum-cost network hardening using attack graphs. Lingyu Wang, Steven Noel, and Sushil Jajodia. Computer Communications.
[5] Modeling modern network attacks and countermeasures using attack graphs. Kyle Ingols, Matthew Chu, Richard Lippmann, et al. In 25th Annual Computer Security Applications Conference (ACSAC), 2009.
[6] Intelligent Cyber Security Analysis in Enterprise Networks. Jason H. Li and Peng Liu. Association for the Advancement of Artificial Intelligence (www.aaai.org), 2007.
[7] Advanced Cyber Attack Modeling, Analysis, and Visualization. Sushil Jajodia and Steven Noel. Final Technical Report, March 2010.
[8] Measuring network security using Dynamic Bayesian Network. Marcel Frigault, Lingyu Wang, Anoop Singhal, and Sushil Jajodia. In Proceedings of the 4th ACM Workshop on Quality of Protection (QoP), 2008.
[9] A probabilistic relational model for security risk analysis. Teodor Sommestad, Mathias Ekstedt, and Pontus Johnson. Computers & Security 29, 2010, pp. 659-679.
Questions & Discussions
Thank you!