Network risk management using attacker profiling

Abstract

Risk management refers to the process of making decisions that minimize the effects of vulnerabilities on the network hosts. This can be a difficult task in the context of high-exploit probability and the difficult to identify new exploits and vulnerabilities. For many years, security engineers have performed risk analysis using economic models for the design and operation of risk-prone, technological systems using attack profiles. Based on the type of attacker identified, security administrators can formulate effective risk management policies for a network. We hypothesize that sequence of network actions by an attacker depends on the social behavior (e.g., skill level, tenacity, financial ability). We extended this and formulated a mechanism to estimate the risk level of critical resources that may be compromised based on attacker behavior. This estimation is accomplished using behavior based attack graphs representing all the possible attack paths to all the critical resources. The risk level is computed based on these graphs and are used as a measure of the vulnerability of the resource and forming an effective basis for a system administrator to perform suitable changes to network configuration. Copyright © 2008 John Wiley & Sons, Ltd.