Self-ad-MCNHA-SLOS - A Self-adaptive Minimum-Cost Network Hardening Algorithm based on Stochastic Loose Optimize Strategy

Yonglin Sun, Yongjun Wang, Yi Zhang

2012

Abstract

Given a network, it inevitable contains various vulnerabilities, which could be exploited by malicious attackers. It is an effective way to harden a network by searching and remedying those critical vulnerabilities. That is the so-called Minimum-Cost Network Hardening (MCNH) problem, but there haven’t any effective enough method to address this problem yet, especially, when facing large-scale network. We proposed Self-ad-MCNHA-SLOS, an algorithm using Stochastic Loose Optimize Strategy (SLOS) and self-adaptive parameter adjustment method ingeniously, to meet the problem. Experiment results show that it has the merits of high-efficiency, controllable, asymptotically optimal, and suitable for large-scale network.

References

  1. S. Jha, etc., 2002. Two Formal Analyses of Attack Graphs. In CSFW'02, 15th IEEE Computer Security Foundations Workshop.
  2. Steven Noel, etc., 2003. Efficient Minimum-Cost Network Hardening Via Exploit Dependency Graphs. In ACSAC'03, 19th Annual Computer Security Applications Conference.
  3. Lingyu Wang, etc., 2006. Minimum-Cost Network Hardening Using Attack Graphs. Computer Communications, Vol. 29, Issue 18, pp. 3812--3824.
  4. John Homer, etc., 2008. From Attack Graphs to Automated Configuration Management - An Iterative Approach. Kansas State University Technical Report.
  5. Feng Chen, etc., 2008. An Efficient Approach to Minimum-Cost Network Hardening Using Attack Graphs. In IAS'2008, 4th International Conference on Information Assurance and Security.
  6. Laura P. Swiler, etc., 2001. Computer-Attack Graph Generation Tool. In DISCEX'01, DARPA Information Survivability Conference &Exposition II.
  7. Oleg Sheyner, etc., 2002. Automated Generation and Analysis of Attack Graphs. In S&P' 02, IEEE Symposium on Security and Privacy.
  8. Paul Ammann, etc., 2002. Scalable, Graph-Based Network Vulnerability Analysis. In CCS'02, 9th ACM conference on Computer and communications security.
  9. R. P. Lippmann, etc., 2005. Evaluating and Strengthening Enterprise Network Security Using Attack Graphs. Technical Report, MIT Lincoln Laboratory.
  10. Xinming Ou, etc., 2005. MulVAL: A logic-based network security analyzer. In 14th USENIX Security Symposium.
  11. Xinming Ou, etc., 2006. A scalable approach to attack graph generation. In CCS'06, 13th ACM conference on Computer and communications security.
  12. Kyle Ingols, etc., 2006. Practical attack graph generation for network defense. In ACSAC'06, 22nd Annual Computer Security Applications Conference.
  13. Feng Chen, etc., 2009. Two Scalable Approaches to Analyzing Network Security Using Compact Attack Graphs. In IEEC'09, International Symposium on Information Engineering and Electronic Commerce.
  14. Vaibhav Mehta, etc., 2006. Ranking attack graphs. In RAID'06, Recent Advances in Intrusion Detection .
  15. Richard Lippmann, etc., 2007. An interactive attack graph cascade and reachability display. In VizSEC 7807, IEEE Workshop on Visualization for Computer Security.
  16. J. Homer, etc., 2008. Improving attack graph visualization through data reduction and attack grouping. In VizSEC'08, 5th International Workshop on Visualization for Cyber Security.
  17. Zhaohui Fu, etc., 2006. Solving the minimum-cost satisfiability problem using sat based branch and bound search. In ICCAD'06, International Conference on Computer-Aided Design.
  18. Xiaoyu Li, 2004. Optimization Algorithms for the Minimum-Cost Satisfiability Problem. PhD thesis, North Carolina State University.
Download


Paper Citation


in Harvard Style

Sun Y., Wang Y. and Zhang Y. (2012). Self-ad-MCNHA-SLOS - A Self-adaptive Minimum-Cost Network Hardening Algorithm based on Stochastic Loose Optimize Strategy . In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2012) ISBN 978-989-8565-24-2, pages 372-378. DOI: 10.5220/0004022803720378


in Bibtex Style

@conference{secrypt12,
author={Yonglin Sun and Yongjun Wang and Yi Zhang},
title={Self-ad-MCNHA-SLOS - A Self-adaptive Minimum-Cost Network Hardening Algorithm based on Stochastic Loose Optimize Strategy},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2012)},
year={2012},
pages={372-378},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0004022803720378},
isbn={978-989-8565-24-2},
}


in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2012)
TI - Self-ad-MCNHA-SLOS - A Self-adaptive Minimum-Cost Network Hardening Algorithm based on Stochastic Loose Optimize Strategy
SN - 978-989-8565-24-2
AU - Sun Y.
AU - Wang Y.
AU - Zhang Y.
PY - 2012
SP - 372
EP - 378
DO - 10.5220/0004022803720378