Models for Threat Assessment in Networks

Abstract

Two tasks are central to computer security: detecting attacks against a system and managing the system to mitigate threats to it. Attacks exploit vulnerabilities in the system, such as a programming flaw. Threats are vulnerabilities that could lead to an attack under certain circumstances. Attack detection means discovering an ongoing attack against the system. Mitigating threats involves a continuous assessment of the vulnerabilities in the system and of the risk these vulnerabilities pose with respect to a security policy. Intrusion detection systems (IDS) are programs that detect attacks. The goal is to issue alerts only when an actual attack occurs, while also not missing any attacks. The biological immune system provides a compelling model on which to base an IDS. This work adds the biological concepts of positive selection and collaboration to artificial immune systems to achieve a better attack detection rate without unduly raising the false alarm rate. Attack graphs assess the threat to the system by showing how the vulnerabilities in the system compose. The key issues with attack graphs are scalability to large networks, ease of coding new attacks into the model, incomplete network information, visualization of the graph, and automatic analysis of the graph. This work presents an abstract class model that aggregates individual attacks into abstract classes. Through these abstractions, scalability is greatly increased and codifying new attacks into the model becomes easier than under the current approach, which models each attack individually. Clustering of identical machines reduces the visual complexity of the graph and also increases scalability. Incomplete network information is handled by allowing "what if" evaluations, in which an administrator can hypothesize about the existence of certain vulnerabilities in the system and investigate their consequences.

Document Details

Document Type
Technical Report
Publication Date
Sep 01, 2006
Accession Number
ADA456919

Entities

People

  • Melissa Danforth

Organizations

  • University of California, Davis

Tags

Communities of Interest

  • Cyber
  • Energy and Power Technologies
  • Engineered Resilient Systems

DTIC Thesaurus Topics

  • Computational Complexity
  • Computer Programming
  • Computer Science
  • Computers
  • Cybersecurity
  • Detection
  • Detectors
  • Immune System
  • Intrusion Detection
  • Intrusion Detection Systems
  • Intrusion Detectors
  • Lymphocytes
  • Network Protocols
  • Network Science
  • Operating Systems
  • Pattern Recognition
  • Port Scanners

Fields of Study

  • Computer science

Readers

  • Sensor Fusion and Tracking Systems
  • Strategic Security Studies
  • Systems Analysis and Design

Technology Areas

  • Cyber