Classification of Attributes and Behavior in Risk Management Using Bayesian Networks Page: 71
Classification of Attributes and Behavior in
Risk Management Using Bayesian Networks
Ram Dantu, Prakash Kolan, Robert Akl, Kall Loper
Abstract- Security administration is an uphill task to
implement in an enterprise network providing secured corporate
services. With the slew of patches being released by network
component vendors, system administrators require a barrage of
tools for analyzing the risk due to vulnerabilities in those
components. In addition, criticalities in patching some end hosts
raises serious security issues about the network to which the end
hosts are connected. In this context, it is imperative to
know the risk level of all critical resources, keeping in view the
new vulnerabilities that emerge every day. We hypothesize that the
sequence of network actions taken by attackers depends on their social
and attack profile (behavioral resources such as skill level, time,
and attitude). To estimate the types of attack behavior, we
surveyed individuals for their ability and attack intent. Using the
individuals' responses, we determined their behavioral resources
and classified them as having opportunist, hacker, or explorer
behavior. The behavioral resources of a profile can be used to
determine the risk posed by an attacker having that profile. Thus,
suitable vulnerability analysis and risk management strategies
can be formulated to efficiently curtail the risk from different
types of attackers.
Index Terms-Attack Graphs, Behavior, Risk Management
With the increase in the number of hosts connected to
the network, there is a mounting risk in
protecting computers from outside attacks. In addition,
improper configuration of network hosts results in host
vulnerabilities that leave the hosts susceptible to
outside attacks. For managing the security of a network,
security engineers identify security holes by probing the
network hosts, assess the risks associated with the
vulnerabilities on the computer hosts, and fix host
vulnerabilities using patches released by the vendors.
We see frequent releases of patches from product
vendors (Microsoft, IBM, and HP). Patching network hosts
is a short-term solution for avoiding an attack, but it requires
fixing the vulnerabilities in all of the network hosts and their
components. This process of patching end hosts requires a
great deal of human intervention, time, and money. The
situation worsens when existing state-of-the-art
monitoring tools are not effective in identifying new
vulnerabilities. These everyday emerging vulnerabilities
provide different attack probabilities depending on the type of
attacker profile (e.g., script kiddie, hacker).
A considerable amount of work has been reported on
attacker profiles and risk management on an individual basis.
Jackson introduces the notion of behavioral assessment to
find out the intent behind an attack. Rogers proposed
different categorizations of the hacker community and advises
deriving hacker profiles from intruder behavior. Yuill
detects an ongoing attack by developing a profile of the
attacker from the information attackers reveal about
themselves during their attacks. There are several works in the
literature on hacker profiles [5, 6, 9] but none of them tie the
profiles to any exploits in the network. All the theories
proposed account for the hacker behavior. To our knowledge,
no work has been reported on integrating behavior-based
profiles with the sequence of network actions for computing the
vulnerability of resources.
On the other hand, attack graphs are beginning to be used to
formalize the risks of a given network topology and exploits.
Sheyner attempts to model a network by constructing an
attack graph using symbolic model checking algorithms.
Moore documents attacks on enterprises in the form of
attack trees, where each path from the root to the end node
documents how an attacker could realize their goal of
exploiting the host and ultimately the network. However,
current research such as [11-13] does not combine behavior
and risk management with these graph transitions.
For many years security engineers have been doing risk
analysis using economic models for the design and operation
of risk-prone technological systems [1, 3, 4, 5] using attack
profiles. A considerable amount of research has been reported
on developing profiles of an attacker based on the evidence
left behind during an attack. We believe that integrating this
research could improve the process of risk analysis. Many
articles explain how intruders break into systems [14-15].
Companies like Psynapse, Amenaza, and Esecurity have built
products using the behavior of intruders. This paper marries
profiling with chains of exploits and detects highly vulnerable
resources in the network. Our work uses theory from
criminology, statistical analysis, behavior-based security,
and attack graphs for computing risk levels of network
II. ATTACK GRAPHS
Attack graphs or attack trees have increasingly been
formalized as a model for representing system and network
security in terms of various attacks. An attack graph can be
created using network topology, interconnection between
hosts, and various vulnerabilities of each host [11, 12, 13].
These attack graphs represent the sequence of network actions
for exploiting each network resource and ultimately the whole
network. Consider for example a network hosting ftp, ssh, and
database services as shown in Fig. 1.
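As an added illustration (not from the paper or its Fig. 1), the following Python builds a small attack graph over a constructed network of ftp, ssh and database hosts and enumerates the sequences of network actions that reach the database. The reachability table, the exploit names and the per-exploit skill levels are hypothetical placeholders; the skill gate shows how a behavioral resource such as skill level changes which resources are at risk for a given attacker profile.

```python
# Added illustration, not code from the paper: a minimal attack graph over
# an abstract network. Exploit entries are hypothetical placeholders that
# record only which service they target and the skill level they require.
from collections import deque

# Constructed topology: which hosts each host can reach over the network.
REACH = {
    "attacker": {"ftp", "ssh"},
    "ftp": {"ssh", "db"},
    "ssh": {"db"},
    "db": set(),
}

# Hypothetical exploit per service: (placeholder name, skill level needed).
EXPLOITS = {
    "ftp": ("ftp_flaw", 1),
    "ssh": ("ssh_flaw", 3),
    "db": ("db_flaw", 2),
}


def attack_paths(goal, skill, reach=REACH, exploits=EXPLOITS):
    """Enumerate simple paths from 'attacker' to goal that an attacker of the
    given skill level can follow, i.e. every hop on the path uses an exploit
    whose required skill is <= the attacker's skill."""
    paths = []
    queue = deque([("attacker", ["attacker"])])
    while queue:
        host, path = queue.popleft()
        if host == goal:
            paths.append(path)
            continue
        for nxt in sorted(reach[host]):
            _name, need = exploits[nxt]
            # Skip hosts already on the path (no cycles) and exploits the
            # attacker profile cannot carry out.
            if nxt in path or skill < need:
                continue
            queue.append((nxt, path + [nxt]))
    return paths


def risk_summary(goal, skill):
    """Number of attack paths to goal and the fewest hops among them."""
    paths = attack_paths(goal, skill)
    shortest = min((len(p) - 1 for p in paths), default=None)
    return {"paths": len(paths), "shortest": shortest}
```

Raising the attacker's skill from 1 to 3 grows the set of paths to the database from none to three, which is the kind of profile-dependent risk difference the paper's hypothesis describes.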
1-4244-1330-3/07/$25.00 2007 IEEE.
Dantu, Ram; Kolan, Prakash; Loper, Kall & Akl, Robert G. Classification of Attributes and Behavior in Risk Management Using Bayesian Networks, paper, March 2007; (digital.library.unt.edu/ark:/67531/metadc30836/m1/1/: accessed April 30, 2017), University of North Texas Libraries, Digital Library, digital.library.unt.edu; crediting UNT College of Engineering.