Exploring attack graph for cost-benefit security hardening: A probabilistic approach

Abstract

The increasing complexity of today's computer systems, together with the rapid emergence of novel vulnerabilities, make security hardening a formidable challenge for security administrators. Although a large variety of tools and techniques are available for vulnerability analysis, the majority work at system or network level without explicit association with human and organizational factors. This article presents a middleware approach to bridge the gap between system-level vulnerabilities and organization-level security metrics, ultimately contributing to cost-benefit security hardening. In particular, our approach systematically integrates attack graph, a commonly used effective approach to representing and analyzing network vulnerabilities, and Hidden Markov Model (HMM) together, for exploring the probabilistic relation between system observations and states. More specifically, we modify and apply dependency attack graph to represent network assets and vulnerabilities (observations), which are then fed to HMM for estimating attack states, whereas their transitions are driven by a set of predefined cost factors associated with potential attacks and countermeasures. A heuristic searching algorithm is employed to automatically infer the optimal security hardening through cost-benefit analysis. We use a synthetic network scenario to illustrate our approach and evaluate its performance through a set of simulations.