GENETIC ALGORITHM AND BAYESIAN ATTACK GRAPH FOR SECURITY RISK ANALYSIS AND MITIGATION P.PRAKASH 1 M.

Transcription

1 GENETIC ALGORITHM AND BAYESIAN ATTACK GRAPH FOR SECURITY RISK ANALYSIS AND MITIGATION P.PRAKASH 1 M.SIVAKUMAR 2 1 Assistant Professor/ Dept. of CSE, Vidyaa Vikas College of Engineering and Technology, Tiruchengode, Tamil Nadu. 2 Assistant Professor/ Dept. of IT,Vidyaa Vikas College of Engineering and Technology, Tiruchengode, Tamil Nadu. ABSTRACT Risk assessment determines threats to critical resources and the corresponding loss expectancy.bayesian network is used to model potential attack paths in a system. Knowledge of attackers and attack mechanisms are used to fetch the subset of attack paths. Security risk assessment and mitigation are two vital processes. Models such as attack graphs and attack trees are used to assess the cause-consequence relationships between various network states. Different decision problems are considered to identify the minimum-cost hardening measures. Common Vulnerability Scoring System (CVSS) is used to estimate thesecurity risk and vulnerability levels. Genetic algorithm is used to select solutions for risk mitigation stage.the system performs static and dynamic analysis of risks in networked systems. Single objective and multi objective optimization models are used for solution selection process. The Single Objective Optimization Problem (SOOP) and Multi Objective Optimization Problem (MOOP) solution are prepared with minimum time complexity. 1.INTRODUCTION Traditional information security planning and management begins with risk assessment that determines threats to critical resources and the corresponding loss expectancy.a number of researchers have proposed risk assessment methods by building security models of network systems, using paradigms like attack graphs and attack trees and then finding attack paths in these models to determine scenarios that could lead to damage. System administrators are often interested in assessing the risk to their systems and determining the best possible way to defend their network in terms of an enumerated set of hardening options Jha et al. determine the minimal set of attacks critical for reaching a goal and then find the minimal set of security measures that cover this set of attacks. Such cost analysis techniques are useful, they miss out one major issue. The administrator often has to work within a 1

2 given set of budget constraints that may preclude her from implementing all possible hardening measures or even measures that cover all the weak spots [10]. The current work makes five major contributions. We propose an alternative method of security risk assessment that we call Bayesian Attack Graphs (BAGs). In particular, we adapt the notion of Bayesian belief networks so as to encode the contribution of different security conditions during system compromise. We propose a method to estimate an organization s security risk from different vulnerability exploitations based on the metrics defined in the Common Vulnerability Scoring System (CVSS). We develop a model to quantify the expected return on investment based on a user specified cost model and likelihoods of system compromise. We model the risk mitigation stage as a discrete reasoning problem and propose a genetic algorithm to solve the problem. The algorithm can identify optimal mitigation plans in the context of both single and multi objective analysis. Finally, we discuss how the above contributions collectively provide a platform for static and dynamic analysis of risks in networked systems. 2.RELATED WORKS Attack graphs have been studied in several areas of security risk management. Wang et al. [6] propose an attack graphbased probabilistic metric model to quantify the overall security of network system. As a result, we are able to focus on other applications of attack graph analysis in addition to those proposed by Wang et al. [7] Wang et al. extend attack graph analysis to intrusion detection. Attack graphs are pre generated, and then used as a knowledge base for correlating receiving alerts, hypothesizing missing alerts, and predicting future alerts. Frigault and Wang [1] use Bayesian networks with attack graphs to statically analyze the inherent risk in a network. Frigault et al. [2] introduce a Dynamic Bayesian Networks-based model to incorporate temporal factors and how vulnerabilities evolve over time in their attack graph. Likewise, they model the security of dynamically changing networks. Xie et al. [3] also use Bayesian networks for security risk analysis of networked systems. Dantu et al. [9] also use Bayesian networks fors ecurity risk management. Minimization analysis has been thoroughly studied by several research groups [8]. In minimization analysis, the attack graph model is rewritten in terms of a Conjunctive Normal Form (CNF). The practical use of attack graphs has been studied by Saha [5]. 3. A TEST NETWORK Fig. 1 depicts the test network used in this study.the network consists of eight hosts located in two subnets. A DMZ trihomed firewall is installed with preset policies to ensure web server, Mail server, and the DNS server located in DMZ network and are separated from the local network. 2

3 Fig. 1. Test-bed network model. Lists of initial vulnerabilities are assigned for the test network. These vulnerabilities can produce more than 20 attack scenarios having different outcomes and ranging from information leakage to system compromise. 4.SECURITY RISK ASSESSMENT WITH BAG Security risk management consists of different threat analysis, risk assessment, expected loss, potential safeguards, and risk mitigation analysis. Using BAG, the administrator performs risk assessment and risk mitigation. Static risk assessment and dynamic risk assessment models are used in the system. 4.1 Static Risk Assessment: Risk assessment begins with the identification of system characteristics, threat sources, and attack capabilities. Threat sources can be represented as the external nodes in BAG with their impact on other network attributes. 4.2 Dynamic Risk Assessment: A deployed system may experience first hand attack incidents during its life cycle. BAG can be used for correlation alerts, hypothesize missing and predicting future attacks. An attack incident is evidence that an attribute is in the true state. 5. SECURITY RISK MITIGATION WITH BAG Although many researchers have studied risk assessment schemes, including NIST, the methodologies used to estimate the loss varies from different organisations. Loss can be measured in terms of monetary units, relative magnitudes or multiunits [4]. In a BAG, the security manager can choose to evaluate the risks by considering an expected loss/gain quantity. 5.1 Assessing Security Controls In other words, a security control is a preventive measure that minimizes or eliminates the likelihood of attack on one or more attributes so as to prevent an attacker from reaching its goal.for example, the probability of the node A is initial Pr(A j B;C). Assuming the security measure local access control can influence outcome at A. The probability distribution therefore becomes Pr(A? B,C,M0) and the LCPD of the node is expanded. The probabilities when M0 = 0 are directly taken from the original LCPD. However, probabilities for M = 1 are assigned based on certain subjective belief on the security measure s 3

4 capacity to prevent the attribute s compromise. Note that, the unconditional probability of the control if its state is true. 5.2 Assessing Security Outcomes When using a BAG, a better quantitative representation of the loss/gain is obtained by considering the expected loss/ gain once a set of security measures have been implemented.we augment the BAG with a value signifying the amount of potential loss/gain at each node, and accounting for the security decision during evaluation. Note that we do not assume any particular cost model in our formulation, both for all control cost and loss/gain valuation. The cotrol cost model is usually subjective to organizational policies and hence can differ from one institution to another. 5.3 Assessing the Security Mitigation Plan In order to defend against the attacks possible and a security manager can choose to implement a variety of safeguard technologies of which comes with different cost and coverage. For example, to defend against the ftp/.rhost exploit, one might choose to apply a security patch, firewall, and or simply disable the FTP service. Every choice of action has a different cost and outcome. A security administrator has to assess the technologies and make a decision toward maximum resource utilization. The different objectives we consider in this study are the total security control cost and the varied expected loss/gain. Single objective problem is the most likely approach to be taken by a decision maker. 5.4 Genetic Algorithm The genetic algorithm used in the study begins with a population P0 of N randomly generated security plans. A generation index t = 0, 1,..., GenMAX keeps track of the number of iterations of the algorithm. Every iteration proceeds as follows: The SCC and LG values of every plan in Pt are calculated. N/2 plans are then selected from Pt to form a mating pool Mt. The process of selection is different for SOOP and MOOP, and are discussed later. An offspring population Qt is generated from the mating pool by using the standard single-point binary crossover and mutation operators. The process is then repeated with Pt+1 = Qt [Mt until t =GenMAX.. 6. IMPROVED SECURITY RISK ANALYSIS AND MITIGATION SCHEME WITH BAG The security risk management system is designed using the Bayesian Attack Graphs to assess security risk and mitigating process. The BAG is improved to manage scalability on graph construction, marginal probability estimation and optimal solution selection process. Bayesian attack graph size is controlled with reference to the resource level of the system. Security risk assessment accuracy is reduced due to large sized attack graphs. Attack graph refinement is initiated with reference to the threshold level. 4

5 7. SECURITY RISK MANAGEMENT WITH SCALABILITY SUPPORT vulnerability is estimated with probability values. The system is designed to analyze the risk level and security solutions identification process for the hosts. Bayesian Attack Graph (BAG) is used in the request analysis process. Genetic Algorithm is used for the optimal solution selection process. The system is divided into six major modules. 7.1 Host Monitoring The host monitoring process is designed to collect and analyze the network requests. Request collection is performed for all hosts. Source address, service, protocol and time information are extracted from the network requests. Request count and request interval is estimated for all requests. 7.2 BAG Construction The bayesian attack graph I constructed with request information. Attack details are updated with vulnerability information. Attack similarity is estimated for all attack information. Similar attack information are updated in the same tree level. 7.3 Probability Estimation for Vulnerability Attack information are analyzed with template structure. Static probability and dynamic probability estimation are carried out in the system. Probability is estimated for each vulnerability types. Host based 7.4 Security Risk Assessment Security risk is verified for all hosts using the attack information. Risk probability is compared with the threshold values. Static and dynamic threshold models are used in the system. Security actions are taken with reference to the security risk values. 7.5 Solution Optimization Mitigating solution selection is performed under solution optimization process. The genetic algorithm is used for solution optimization process. Single objective based optimization model uses the selected property. Multi objective based optimization model uses all properties. 7.6 Mitigating Process The accessibility hardening measures are taken under mitigating process. Access privileges are controlled by the system with reference to the attack information. User request verification is increased in the mitigating process. Request count levels are adjusted with attack levels for anomaly detection process. 8. CONCLUSION The security risk management systems are used to monitor network resources and their risk levels. The Bayesian Attack Graphs (BAG) model is used to manage the user activity and attack details. 5

6 The BAG management and marginal probability estimation process is improved with scalability factors. The genetic algorithm based solution is improved for the multi objective function mode. Security risk monitoring process is performed with BAG. Security control is hardened in high risk nodes. Static and dynamic risk analysis is performed. Multi objective functions are used for the mitigating solution process. REFERENCES [1] M. Frigault and L. Wang, Measuring Network Security Using Bayesian Network- Based Attack Graphs, Proc. 32nd Ann. IEEE Int l Computer Software Applications Conf., pp , [2] M. Frigault, L. Wang, A. Singhal, and S. Jajodia, Measuring Network Security Using Dynamic Bayesian Network, Proc. 14 th ACM Workshop Quality of Protection, [3] P. Xie, J.H. Li, X. Ou, P. Liu, and R. Levy, Using Bayesian Networks for Cyber Security Analysis, Proc. 40th IEEE/IFIP Int l Conf. Dependable Systems and Networks, [4] R. Dewri, N. Poolsappasit, I. Ray, and D. Whitley, Optimal Security Hardening Using Multi-Objective Optimization on Attack Tree Models of Networks, Proc. 14th ACM Conf. Computer and Comm. Security, pp , [5] D. Saha, Extending Logical Attack Graph for Efficient Vulnerability Analysis, Proc. 15th ACM Conf. Computer and Comm. Security, pp , [6] L. Wang, A. Singhal, and S. Jajodia, Measuring the Overall Security of Network Configurations Using Attack Graphs, Proc. 21st Ann. IFIP WG 11.3 Working Conf. Data and Application Security, pp , [7] L. Wang, T. Islam, T. Long, A. Singhal, and S. Jajodia, An Attack Graph-Based Probabilistic Security Metric, Proc. 22nd Ann. IFIP WG 11.3 Working Conf. Data and Applications Security, pp , [8] J. Homer and X. Ou, SAT-Solving Approaches to Context-Aware Enterprise Network Security Management, IEEE J. Selected Areas in Comm., vol. 27, no. 3, pp , Apr [9] R. Dantu, P. Kolan, and J. Cangussu, Network Risk Management Using Attacker Profiling, Security and Comm. Networks vol. 2, pp , [10] Nayot Poolsappasit, Rinku Dewri and Indrajit Ray, Dynamic Security Risk Management Using Bayesian Attack Graphs IEEE Transactions On Dependable And Secure Computing, Vol. 9, No. 1, January/February