Metrics-based Computer Network Defence Decision Support
Abstract
Recent advances in the construction and analysis of attack graphs have provided new tools to network defenders. Even so, improving the security of networks remains an incredibly complex task. With increasing numbers of vulnerabilities, maturing attacker tools, and organizations becoming ever more reliant on computer network infrastructure, automation and recommendation tools are essential. Much course of action recommendation research to date has worked with the assumption that perfect network security is possible. In reality, network administrators balance security with usability and so they tolerate vulnerabilities and imperfect security. In this paper we present course of action recommendation algorithms that compute efficient and effective solutions which improve the security of networks within real-world constraints including patch availability, resource costs, and usability costs. Our solution builds upon existing metric research in order to give courses of action that maximally disrupt an attacker's ability to reach critical targets of the administrator's choosing. A polynomial time algorithm makes greedy choices to produce courses of action that are almost always the optimal choices computed by an exponential algorithm, making our solution especially useful in practice. We demonstrate the value of our solution through several experiments.
Document Details
- Document Type: Technical Report
- Publication Date: Nov 01, 2010
- Accession Number: ADA546407
Entities
People
- Craig Burrell
- Reginald Sawilla
Organizations
- Defence Research and Development Canada