Research on the Key Technology of the Risk Evaluation of the Network Security Based on the D-S Evidence

Ting Dong

Abstract


To evaluate a network or information system in real time, this paper proposes the D-S evidence attack graph model and, derived from it, an incremental real-time evaluation method. The method is divided spatially into four layers (detection, attack, host and network) and temporally into two phases (initialization and real-time updating). Using the D-S evidence attack graph model, it suppresses missed and false alarms among the security alarms. It fuses and correlates attack alarms, then calculates the credibility of attacks and predictions at three levels (node, host and network) in order to restore the attack scene and predict attack behavior more accurately. It also calculates the corresponding threat values and the overall network security trend, so that the security threat situation can be identified at the same three levels. Because it is an incremental evaluation method with linear algorithmic complexity and high real-time performance, it can be used for real-time assessment of large-scale network security. Finally, the paper verifies the accuracy and effectiveness of the method, as well as its high performance and expandability.





Revista de la Facultad de Ingeniería,

ISSN: 2443-4477; ISSN-L:0798-4065

Edif. del Decanato de la Facultad de Ingeniería,

3º piso, Ciudad Universitaria,

Apartado 50.361, Caracas 1050-A,

Venezuela.

© Universidad Central de Venezuela