Login | Register

A heuristic approach to network hardening using attack graphs

Title:

A heuristic approach to network hardening using attack graphs

Islam, Tania (2009) A heuristic approach to network hardening using attack graphs. Masters thesis, Concordia University.

[thumbnail of MR63037.pdf]
Preview
Text (application/pdf)
MR63037.pdf - Accepted Version
1MB

Abstract

In defending against multi-step attacks, network hardening answers the following important question: Which vulnerabilities must be removed from a network in order to prevent attackers from compromising critical resources while minimizing the implied cost in terms of availability or administrative efforts. Existing approaches to network hardening derive a logic proposition to represent the negation of the attack goal in terms of initially satisfied security conditions. In the disjunctive normal form (DNF) of the logic proposition, each disjunction then provides a viable solution to network hardening. However, such solutions suffer from an exponential time complexity. In this thesis, we study heuristic methods for solving this important problem with reasonable complexity. We evaluate our proposed solutions through extensive experiments. The results show that our solution can achieve reasonably good network hardening results in significantly less time than the optimal solution would require. Also, for scenarios where additional cost constraints may render a perfectly secure network hardening solution impossible, we extend our heuristic methods to partial hardening solutions. Such solutions can provide best possible improvement in terms of security under given cost constraints.

Divisions:Concordia University > Gina Cody School of Engineering and Computer Science > Concordia Institute for Information Systems Engineering
Item Type:Thesis (Masters)
Authors:Islam, Tania
Pagination:xi, 74 leaves : ill. ; 29 cm.
Institution:Concordia University
Degree Name:M.A. Sc.
Program:Institute for Information Systems Engineering
Date:2009
Thesis Supervisor(s):Wang, L
Identification Number:LE 3 C66I54M 2009 I85
ID Code:976518
Deposited By: Concordia University Library
Deposited On:22 Jan 2013 16:27
Last Modified:13 Jul 2020 20:10
Related URLs:
All items in Spectrum are protected by copyright, with all rights reserved. The use of items is governed by Spectrum's terms of access.

Repository Staff Only: item control page

Downloads per month over past year

Research related to the current document (at the CORE website)
- Research related to the current document (at the CORE website)
Back to top Back to top