Course of action recommendations for practical network defence

Authors
  1. Sawilla, R.
  2. Burrell, C.
Corporate Authors
  1. Defence R&D Canada - Ottawa, Ottawa ONT (CAN)
  2. Defence R&D Canada - Toronto, Toronto ONT (CAN)
Abstract
Recent advances in the construction and analysis of attack graphs have provided new tools to network defenders. Even so, improving the security of networks remains an incredibly complex task. With increasing numbers of vulnerabilities, maturing attacker tools, and organizations becoming ever more reliant on computer network infrastructure, automation and recommendation tools are essential. Much course of action recommendation research to date has worked with the assumption that perfect network security is possible. In reality, network administrators balance security with usability and so they tolerate vulnerabilities and imperfect security. In this paper we present course of action recommendation algorithms that compute efficient and effective solutions which improve the security of networks within real-world constraints including patch availability, resource costs, and usability costs. Our solution builds upon existing metric research in order to give courses of action that maximally disrupt an attacker’s ability to reach critical targets of the administrator’s choosing. A polynomial time algorithm makes greedy choices to produce courses of action that are almost as effective as the optimal choices computed by an exponential algorithm, making our solution especially useful in practice. We demonstrate the value of our solution on a complex cyclic attack graph generated from a representative business network.

Report Number
DRDC-OTTAWA-TM-2009-130 — Technical Memorandum
Date of publication
01 Aug 2009
Number of Pages
50
DSTKIM No
CA032664
CANDIS No
531878
Format(s):
Electronic Document(PDF)
