Friday 19 June 2015

Talk by DongSeong Kim on Scalable Cyber Security Modeling and Evaluation on 22nd June

On Monday 22nd June we have a talk by DongSeong Kim, who is visiting our group from Canterbury University, on his work on modeling cyber security to evaluate the risks within a network. The full details of his seminar are available here, and the abstract is reproduced below.

Title: Towards Scalable Cyber Security Modeling and Evaluation Methods

Abstract: How secure is your network? It is not easy to measure security. To quantify and evaluate the network security, attack and defense models (a.k.a., Attack Representation Model (ARM)) can be used. A purely graph-based attack representation model (e.g., Attack Graph) has a state-space explosion problem. Tree-based models (e.g., Attack Tree) cannot capture the path information explicitly. Moreover, the complex relationship between the host and the vulnerability information in attack models creates difficulty in adjusting to changes in the network, which is impractical for modern dynamic network systems. Generating the ARM and evaluating the security suffer from a scalability problem when the size of the networked system is very large.

In this talk, to deal with the above-mentioned issues, we propose hierarchical attack representation models (HARM). The main idea is to separate the network topology information (in the upper level) from the vulnerability information of each host (in the lower level). We propose to use HARM in different phases of the lifecycle of the attack and defense models. (1) We compare HARMs with existing attack models, including attack graph and attack tree, and compare their performance in the phase of construction, evaluation and modification. (2) We propose to use k-importance measures to generate a two-layer HARM that will improve the scalability of model generation and security evaluation computational complexities. (3) We propose centrality-based network security analysis by ranking important hosts based on network centrality measures, and vulnerabilities based on security metric values. If time permits, we introduce how to use security models to evaluate the effectiveness of Moving Target Defenses. Finally, research avenues in security modeling and assessment will be briefly introduced.
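To make the two-layer separation in the abstract concrete, here is an added sketch (not code from the talk or from the speaker's work): the upper layer holds host reachability, the lower layer holds one AND/OR tree per host, and patching a vulnerability touches only that host's tree. The topology, vulnerability names, probabilities, the independence assumption and the path metric (product of per-host compromise probabilities) are all constructed for illustration.

```python
from math import prod

# Upper layer: which host can reach which (constructed sample topology).
TOPOLOGY = {"attacker": ["web", "mail"], "web": ["app"], "mail": ["app"],
            "app": ["db"], "db": []}

# Lower layer: one AND/OR tree per host. A leaf is (vuln_name, probability),
# a gate is ("AND" | "OR", [children]). All names and values are constructed.
VULNS = {
    "web": ("OR", [("v_web1", 0.6), ("v_web2", 0.3)]),
    "mail": ("AND", [("v_mail1", 0.5), ("v_mail2", 0.4)]),
    "app": ("OR", [("v_app1", 0.2)]),
    "db": ("OR", [("v_db1", 0.5), ("AND", [("v_db2", 0.8), ("v_db3", 0.5)])]),
}

def tree_prob(node):
    """Probability that a host's tree is satisfied (leaves assumed independent)."""
    label, body = node
    if isinstance(body, (int, float)):          # leaf
        return float(body)
    probs = [tree_prob(child) for child in body]
    return prod(probs) if label == "AND" else 1 - prod(1 - p for p in probs)

def attack_paths(topology, src, dst, path=()):
    """All simple paths src -> dst, using the upper layer only."""
    path = path + (src,)
    if src == dst:
        return [path]
    return [p for nxt in topology.get(src, []) if nxt not in path
            for p in attack_paths(topology, nxt, dst, path)]

def evaluate(topology, vulns, src, dst):
    """Per-host probabilities (lower layer) and per-path probabilities."""
    host_p = {h: tree_prob(t) for h, t in vulns.items()}
    paths = {p: prod(host_p[h] for h in p[1:])   # p[0] is the attacker node
             for p in attack_paths(topology, src, dst)}
    return host_p, paths

def patch(node, vuln):
    """Copy of a host tree with one vulnerability fixed (probability 0)."""
    label, body = node
    if isinstance(body, (int, float)):
        return (label, 0.0) if label == vuln else node
    return (label, [patch(child, vuln) for child in body])

if __name__ == "__main__":
    for title, vulns in (("before", VULNS),
                         ("v_web1 patched",
                          dict(VULNS, web=patch(VULNS["web"], "v_web1")))):
        _, paths = evaluate(TOPOLOGY, vulns, "attacker", "db")
        print(title, {" > ".join(p): round(v, 4) for p, v in paths.items()})
```

Only the `web` entry of the lower layer is rebuilt after the patch; the topology and the other hosts' trees are reused unchanged.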