Security modelling and assessment of modern networks using time independent Graphical Security Models

Abstract

Graphical Security Models (GSMs), such as an Attack Graph, are used to assess the security of networks, but they are often limited to assess the security of the given network state (i.e., a snapshot at the current time). To address this issue, we develop a GSM named Time-independent Hierarchical Attack Representation Model (TI-HARM), which analyses the security of multiple network states combined taking into account the time duration of each network state and the visibility of the network components (e.g., hosts and edges). Also, we develop a new security rating system for dynamic networks to evaluate the changing security posture. Lastly, we present an approach that utilises the functionalities of the TI-HARM to compute global optimal defence solutions for dynamic networks. Our experimental results show that the TI-HARM can model and analyse the security of multiple states of dynamic networks, which the existing GSMs mostly assumed that it is static. Also, we found that the TI-HARM can be used to effectively compute the global optimal security solutions compared to existing models that only focus on local optimal solutions. Therefore, our proposed approach could be used to aid security administrators to understand the security posture of dynamic networks better and be able to enhance the security taking into account multiple changes in dynamic networks.