Security Metric for Networks with Intrusion Detection Systems having Time Latency using Attack Graphs

Title: Security Metric for Networks with Intrusion Detection Systems having Time Latency using Attack Graphs
Publication Type: Conference Paper
Year of Publication: 2021
Authors: Bardhan, Shuvo; Battou, Abdella
Conference Name: 2021 IEEE 45th Annual Computers, Software, and Applications Conference (COMPSAC)
Date Published: July
Keywords: Adaptation models, attack graph, Attack Graphs, composability, Computational modeling, Estimation, Intrusion detection, intrusion detection system, Measurement, Predictive Metrics, Probabilistic logic, pubcrawl, Resiliency, Security Metric and Time Latency, security metrics, Security Risk Estimation, Uncertainty
Abstract: Probabilistic security metrics estimate the vulnerability of a network as the likelihood of an attacker reaching the goal states (of the network) by exploiting attack graph paths. The probability computation depends on several assumptions regarding the possible attack scenarios. In this paper, we extend the existing security metric to model networks with intrusion detection systems, together with their associated uncertainties and time latencies. We consider the learning capabilities of attackers as well as of detection systems. Risk is estimated from the attack paths that remain undetectable owing to the latency of the detection system. Thus, we define the overall vulnerability (of a network) as a function of the time window available to an attacker for repeated exploration (via learning) and exploitation of the network before the attack is mitigated by the detection system. Finally, we consider the realistic scenario where an attacker explores and abandons various partial paths in the attack graph before the actual exploitation. A dynamic programming formulation of the vulnerability computation is proposed for this scenario. The nature of these metrics is explained using a case study showing the vulnerability spectrum from the case of zero detection latency to a no-detection scenario.
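Added illustration (not the paper's code, data or exact formulation): a minimal latency-dependent attack-graph vulnerability metric of the kind the abstract describes. It uses a constructed five-node attack graph in which each exploit has a success probability and an integer duration, and it models the detection latency L as the time budget the attacker has before the attack is mitigated. The attacker at a node chooses the exploit that maximises the probability of reaching the goal in the remaining time and may retry or switch exploits after a failure, a simplified stand-in for the learning and path-abandonment behaviour mentioned in the abstract. The dynamic programme, node names, probabilities and durations are all assumptions made for this example.

```python
"""Illustrative attack-graph vulnerability metric with a detection-latency window.

Constructed example (not the paper's code or data): exploits are edges with a
success probability and a duration in discrete time units; the IDS latency L is
modelled as a hard budget after which the attack is assumed to be mitigated.
"""

# Constructed attack graph: (source, target, success probability, time units).
EDGES = [
    ("internet", "web", 0.8, 1),  # exploit the public web application
    ("internet", "vpn", 0.3, 1),  # guess or phish VPN credentials
    ("web", "app", 0.5, 2),       # pivot from the web tier to the app server
    ("vpn", "app", 0.9, 1),       # VPN access lands on the app network
    ("app", "db", 0.6, 2),        # escalate from the app server to the database
]


def build_adjacency(edges):
    """Map each node to its outgoing exploits, validating the parameters."""
    out = {}
    for src, dst, p, t in edges:
        if not 0.0 <= p <= 1.0:
            raise ValueError(f"probability out of range on {src}->{dst}")
        if not isinstance(t, int) or t < 1:
            raise ValueError(f"duration must be a positive integer on {src}->{dst}")
        out.setdefault(src, []).append((dst, p, t))
        out.setdefault(dst, [])
    return out


def vulnerability(edges, start, goal, latency):
    """Max probability that an attacker at `start` reaches `goal` within
    `latency` time units (the window before the IDS mitigates the attack).

    Dynamic programme over (remaining time T, node v):
      V[0][v] = 1 if v == goal else 0
      V[T][v] = max over exploits (v -> w, p, t) with t <= T of
                p * V[T-t][w] + (1-p) * V[T-t][v]
    The (1-p) term re-optimises at v after a failure, so the attacker may
    retry the same exploit or abandon it for another one.
    """
    if latency < 0:
        raise ValueError("latency must be non-negative")
    out = build_adjacency(edges)
    out.setdefault(start, [])
    out.setdefault(goal, [])
    nodes = list(out)
    table = [{v: (1.0 if v == goal else 0.0) for v in nodes} for _ in range(latency + 1)]
    for T in range(1, latency + 1):
        for v in nodes:
            if v == goal:
                continue  # goal is absorbing: reached means reached
            best = 0.0
            for w, p, t in out[v]:
                if t <= T:  # exploits that do not fit in the window are useless
                    best = max(best, p * table[T - t][w] + (1.0 - p) * table[T - t][v])
            table[T][v] = best
    return table[latency][start]


def goal_reachable(edges, start, goal):
    """No-detection limit: with unbounded time and retries the attacker succeeds
    with probability 1 iff some path of non-zero-probability exploits exists."""
    out = build_adjacency(edges)
    stack, seen = [start], {start}
    while stack:
        v = stack.pop()
        if v == goal:
            return True
        for w, p, _ in out.get(v, []):
            if p > 0.0 and w not in seen:
                seen.add(w)
                stack.append(w)
    return False


def vulnerability_spectrum(edges, start, goal, latencies):
    """Vulnerability as a function of detection latency, from zero latency
    (no time to attack at all) up towards the no-detection limit."""
    return {L: vulnerability(edges, start, goal, L) for L in latencies}


if __name__ == "__main__":
    for L, v in vulnerability_spectrum(EDGES, "internet", "db", (0, 2, 4, 5, 8, 16, 64)).items():
        print(f"latency={L:>3}  vulnerability={v:.4f}")
    limit = 1.0 if goal_reachable(EDGES, "internet", "db") else 0.0
    print(f"no-detection limit: {limit:.1f}")
```

Running the script prints the spectrum for the constructed graph: vulnerability is 0 for latencies too short to complete any path (here up to 3 time units), rises as the window grows, and approaches the no-detection limit of 1 because a path of non-zero-probability exploits exists and retries are allowed. Replacing the hard time budget with a probabilistic detection model, or forbidding retries, would change the curve; the structure of the dynamic programme stays the same.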
DOI: 10.1109/COMPSAC51774.2021.00151
Citation Key: bardhan_security_2021