Jin B. Hong
University of Canterbury
Publication
Featured research published by Jin B. Hong.
IEEE Transactions on Dependable and Secure Computing | 2016
Jin B. Hong; Dong Seong Kim
Cyber crime is a developing concern, where criminals are targeting valuable assets and critical infrastructures within networked systems, causing a severe socio-economic impact on enterprises and individuals. Adopting moving target defense (MTD) helps thwart cyber attacks by continuously changing the attack surface. There are numerous MTD techniques proposed in various domains (e.g., virtualized network, wireless sensor network), but there is still a lack of methods to assess and compare the effectiveness of them. Security models, such as an attack graph (AG), provide a formal method of analyzing the security, but incorporating MTD techniques in those security models has not been studied. In this paper, we incorporate MTD techniques into a security model, namely a hierarchical attack representation model (HARM), to assess the effectiveness of them. In addition, we use importance measures (IMs) for deploying MTD techniques to enhance the scalability. Finally, we compare the scalability of AG and HARM when deploying MTD techniques, as well as changes in performance and security in our experiments.
Dependable Systems and Networks | 2014
Jin B. Hong; Dong Seong Kim
Moving Target Defense (MTD) changes the attack surface of a system that confuses intruders to thwart attacks. Various MTD techniques are developed to enhance the security of a networked system, but the effectiveness of these techniques is not well assessed. Security models (e.g., Attack Graphs (AGs)) provide formal methods of assessing security, but modeling the MTD techniques in security models has not been studied. In this paper, we incorporate the MTD techniques in security modeling and analysis using a scalable security model, namely Hierarchical Attack Representation Models (HARMs), to assess the effectiveness of the MTD techniques. In addition, we use importance measures (IMs) for scalable security analysis and deploying the MTD techniques in an effective manner. The performance comparison between the HARM and the AG is given. Also, we compare the performance of using the IMs and the exhaustive search method in simulations.
Trust, Security and Privacy in Computing and Communications | 2013
Jin B. Hong; Dong Seong Kim; Tadao Takaoka
Automated construction methods of attack graphs (AGs) and their improved attack representation models (ARMs) have been proposed, but the AG has a state space explosion when analysing the security of very large sized networked systems. Instead, attack trees (ATs) and their improved ARMs can be used (e.g., Defense Trees, Protection Trees, Attack Response Trees, and Attack Countermeasure Trees), because they are a non-state-space model. However, there are no known methods to construct ATs in a scalable manner automatically while maintaining all possible attack scenarios. We can use an AG generation tool, and transform the AG into the AT using min-cuts. However, this method requires a transformation (i.e., an overhead), and computing min-cuts is an NP-hard problem. Another way is to construct ATs directly with given network information. A naive approach is to compute all possible attack paths and populate the AT branches using logic gates (e.g., AND and OR gates), but this method generates an exponential number of nodes, causing a scalability problem. We propose two logic reduction techniques to automate the ATs construction and to reduce the size of the AT. The computational complexity is calculated. The simulation result shows the construction time for the naive method and two logic reduction techniques. The trade-off between the construction time and the memory usage of simplified ATs is also shown.
Journal of Network and Computer Applications | 2017
Mengmeng Ge; Jin B. Hong; Walter Guttmann; Dong Seong Kim
The Internet of Things (IoT) is enabling innovative applications in various domains. Due to its heterogeneous and wide-scale structure, it introduces many new security issues. To address this problem, we propose a framework for modeling and assessing the security of the IoT and provide a formal definition of the framework. Generally, the framework consists of five phases: (1) data processing, (2) security model generation, (3) security visualization, (4) security analysis, and (5) model updates. Using the framework, we can find potential attack scenarios in the IoT, analyze the security of the IoT through well-defined security metrics, and assess the effectiveness of different defense strategies. The framework is evaluated via three scenarios, which are the smart home, wearable healthcare monitoring and environment monitoring scenarios. We use the analysis results to show the capabilities of the proposed framework for finding potential attack paths and mitigating the impact of attacks.
Journal of Network and Computer Applications | 2016
Jin B. Hong; Dong Seong Kim
Security models, such as an attack graph (AG), are widely adopted to assess the security of networked systems, such as utilizing various security metrics and providing a cost-effective network hardening solution. There are various methods of generating these models, but the scalability problem exists for single-layered graph-based security models when analyzing all possible attack paths. To address this problem, we propose to use a multi-layer hierarchical attack representation model (HARM) that models various components in the networked system in different layers to reduce the computational complexity. First, we formulate key questions that need to be answered to assess the scalability of security models. Second, we formally define the multi-layer HARM. Last, we conduct experiments to show the scalability of security models. Our experimental results show that using the HARM can improve the scalability of assessing the security of the networked system significantly in comparison to the single-layered security models in various network scenarios.
International Conference on Algorithms and Architectures for Parallel Processing | 2015
Jin B. Hong; Chun Jen Chung; Dijiang Huang; Dong Seong Kim
Security of virtual network systems, such as Cloud computing systems, is important to users and administrators. One of the major issues with Cloud security is detecting intrusions to provide time-efficient and cost-effective countermeasures. Cyber-attacks involve series of exploiting vulnerabilities in virtual machines, which could potentially cause a loss of credentials and disrupt services (e.g., privilege escalation attacks). Intrusion detection and countermeasure selection mechanisms are proposed to address the aforementioned issues, but existing solutions with traditional security models (e.g., Attack Graphs (AG)) do not scale well with a large number of hosts in the Cloud systems. Consequently, the model cannot provide a security solution in practical time. To address this problem, we incorporate a scalable security model named Hierarchical Attack Representation Model (HARM) in place of the AG to improve the scalability. By doing so, we can provide a security solution within a reasonable timeframe to mitigate cyber attacks. Further, we show the equivalent security analysis using the HARM and the AG, as well as to demonstrate how to transform the existing AG to the HARM.
Information Security Conference | 2013
Jin B. Hong; Dong Seong Kim
Attack graphs (AGs) have been widely used for security analysis. The construction of the graph-based attack models including the AG has been studied, but the security evaluation considering the full attack paths cannot be computed using existing attack models due to the scalability problem. To solve this, we propose to use hierarchical attack representation models (HARMs). First, we formulate key questions that need to be answered to compare the scalability of existing attack models. We show the scalability of the HARMs via simulations, by taking into account practical attack scenarios based on various network topologies.
Computer and Information Technology | 2016
Simon Enoch Yusuf; Mengmeng Ge; Jin B. Hong; Huy Kang Kim; Paul Kim; Dong Seong Kim
Dynamic networks can be characterised by many factors such as changes (e.g., vulnerability change, update of applications and services, topology changes). It is of vital importance to assess the security of such dynamic networks in order to improve the security of them. One way to assess the security is to use a graphical security model. However, the existing graphical security models (e.g., attack graphs and attack trees) have only considered static networks (i.e. the network does not change). It is also unclear how the existing cyber security metrics (e.g., attack cost, shortest attack path) change when the network configuration changes over time. To address this problem, we propose (i) to develop a novel graphical security model named Temporal-Hierarchical Attack Representation Model (T-HARM) to capture network changes and (ii) investigate the effect of network change on the existing cyber security metrics based on the proposed security model. We show how the existing security metrics change when the status of vulnerabilities changes.
Dependable Systems and Networks | 2013
Jin B. Hong; Dong Seong Kim
Network security can be analysed using attack representation models (ARMs) (e.g., Attack Graphs (AGs) and Attack Trees (ATs)). One can analyse the network security by computing all possible attack scenarios, but it suffers from a scalability problem. We propose centrality based network security analysis by ranking important hosts based on network centrality measures, and vulnerabilities based on security metric values. We used a two-layer hierarchical attack representation model to evaluate the network security, by taking into account the importance of hosts and vulnerabilities in the upper and the lower layers, respectively. We define a new centrality measure based on the location of an attacker and a target. We simulate security analysis using centrality measures comparing with an exhaustive search method. Further, we investigate the performance when the location of the attacker is different in the network.
Pacific Rim International Symposium on Dependable Computing | 2015
Tuan Anh Nguyen; Taehoon Eom; SeongMo An; Jong Sou Park; Jin B. Hong; Dong Seong Kim
Software Defined Network (SDN) is an emerging paradigm for flexible network design and implementation. Availability metric of SDNs is critically demanding further studies. This paper aims to propose hierarchical models to assess the availability of SDNs. We incorporate various failure modes and recovery behaviors in the SDN including (i) link failures at network level, and (ii) software and hardware failures at network device level. We use hierarchical models in which a Reliability Graph (RG) is used to represent the reachability of hosts (and switches) in the SDN at the upper level and Stochastic Reward Nets (SRNs) are used to represent the detailed failure and recovery of network devices at the lower level, respectively. We incorporate the programmable capability of the SDN at the upper level (i.e., the RG). We perform numerical analysis to assess the availability of the SDN in terms of steady state availability and downtime in minutes per year, and we also show the sensitivity analysis.