Topological analysis of multi-phase attacks using expert systems

Shahriari, H. R ; Sharif University of Technology | 2008

Type of Document: Article
Publisher: 2008
Abstract:
With the increasing number and complexity of network attacks, the demand for automatic vulnerability analysis tools has increased. The prerequisite for building such tools is a formal and precise model of network configurations and vulnerabilities. Using this model, network administrators can analyze the effects of vulnerabilities on the network, and complex attack scenarios can be detected before they happen. In this paper, we present a general logic-based framework for modeling network configurations and topologies. A number of important and widespread network vulnerabilities are then modeled as general inference rules based on the framework's definitions. We implemented the approach using an expert system to analyze network configurations and detect how an attacker may exploit a chain of vulnerabilities to reach his goal. Our approach explores all attack paths and generates the closure of access rights that the attacker can gain by exploiting the vulnerabilities. The time complexity of calculating the closure is polynomial. Given the closure, we can test whether a user has a particular right over a resource in O(1) time. Moreover, firewall filtering rules can be modeled and analyzed to determine the initial accesses in the network. Our framework is more flexible than previous ones, as it can model some major parts of Denial of Service (DoS) attacks and infer network topology. Finally, a case study is presented to explore the model's applicability and show its efficiency and flexibility.
Keywords:
Administrative data processing ; Artificial intelligence ; Computer crime ; Computer networks ; Decision support systems ; Electric network topology ; Expert systems ; Filtration ; Ketones ; Management information systems ; Mathematical models ; Microfluidics ; Modal analysis ; Network protocols ; Topology ; (Algorithmic) complexity ; Access rights ; Attack scenarios ; Can test ; Case studies ; Denial of service (DoS) attacks ; General (CO) ; Inference rules ; Multi-phase attacks ; Network administrators ; Network attacks ; Network configurations ; Network topologies ; Network vulnerabilities ; Time complexities ; Topological analysis ; Vulnerability analysis ; Metropolitan area networks
Source: Journal of Information Science and Engineering ; Volume 24, Issue 3 , 2008 , Pages 743-767 ; 1016-2364 (ISSN)
URL: https://jise.iis.sinica.edu.tw/JISESearch/pages/View/PaperView.jsf?keyId=42_703
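The abstract describes three things an implementation of this kind of analysis has to do: derive the attacker's initial reachability from ordered firewall filtering rules, forward-chain generic vulnerability rules over the network facts until no new access right appears, and answer "does the attacker hold right R on host H?" in constant time from the stored closure. The following Python is an added illustration of that pipeline written for this record; it is not the paper's expert-system code and not its case study. The hosts, the firewall policy, the vulnerability classes (`remote_user_exec`, `remote_dos`, `local_privesc`) and the trust relation are all constructed for the example; the rule set is a deliberately small stand-in for the paper's inference rules.

```python
from collections import deque

# Constructed network facts (illustrative only; not the paper's case study).
HOSTS = ["internet", "web", "db", "backup"]

# Ordered firewall filtering rules: (src, dst, port, action); first match wins,
# "*" is a wildcard. These rules fix the attacker's *initial* reachability.
FIREWALL = [
    ("internet", "web", 80, "allow"),
    ("internet", "*", "*", "deny"),
    ("web", "db", 5432, "allow"),
    ("web", "*", "*", "deny"),
    ("db", "backup", 22, "allow"),
    ("*", "*", "*", "deny"),
]

# Generic vulnerability classes, keyed by (host, port) for network-facing
# services and by host for local ones. Labels are constructed, not advisories.
REMOTE_VULNS = {
    ("web", 80): "remote_user_exec",   # exploitable over the network -> user shell
    ("db", 5432): "remote_user_exec",
    ("backup", 22): "remote_dos",      # exploitable over the network -> service down
}
LOCAL_VULNS = {
    "web": "local_privesc",            # user on host -> root on host
    "db": "local_privesc",
}
# Host-level trust: (trusting, trusted). Root on the trusted host yields user
# access on the trusting host (e.g. a passwordless login relationship).
TRUST = {("backup", "db")}


def allowed(src, dst, port):
    """Evaluate the ordered filter list; deny if nothing matches."""
    for r_src, r_dst, r_port, action in FIREWALL:
        if r_src in (src, "*") and r_dst in (dst, "*") and r_port in (port, "*"):
            return action == "allow"
    return False


def derive(fact):
    """Apply every inference rule whose premise is `fact`; yield consequences."""
    host, right = fact
    if right in ("user", "root"):
        # Rules 1 and 2: code execution on `host` plus a reachable vulnerable
        # service on `dst` gives a user shell or a denial of service on `dst`.
        for (dst, port), cls in REMOTE_VULNS.items():
            if allowed(host, dst, port):
                if cls == "remote_user_exec":
                    yield (dst, "user")
                elif cls == "remote_dos":
                    yield (dst, "dos")
    if right == "user" and LOCAL_VULNS.get(host) == "local_privesc":
        # Rule 3: local privilege escalation on the same host.
        yield (host, "root")
    if right == "root":
        # Rule 4: trust relationships are followed from the trusted host.
        for trusting, trusted in TRUST:
            if trusted == host:
                yield (trusting, "user")


def compute_closure(initial):
    """Forward-chain to a fixed point. Each (host, right) fact enters the
    worklist at most once, so the loop runs at most |HOSTS| * |rights| times
    and each iteration does O(|REMOTE_VULNS| + |TRUST|) work: polynomial."""
    closure = set(initial)
    work = deque(closure)
    while work:
        fact = work.popleft()
        for new in derive(fact):
            if new not in closure:
                closure.add(new)
                work.append(new)
    return closure


def has_right(closure, host, right):
    """O(1) membership test against the precomputed closure."""
    return (host, right) in closure


if __name__ == "__main__":
    closure = compute_closure({("internet", "user")})
    for host, right in sorted(closure):
        print(f"{host:8} {right}")
```

Starting from user-level access on `internet`, the closure contains user and root on `web`, user and root on `db` (reached through the single firewall hole from `web`), user on `backup` via the trust relation, and a `dos` right on `backup`, since the attacker can reach its vulnerable service but not obtain a shell there. The interesting negative result is also immediate: `has_right(closure, "backup", "root")` is false, which is what an administrator would check before deciding whether the trust relation is acceptable.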