Abstract
As the cyber-attack trends are shifted from the volumetric attacks to the multi-layered attacks, it is more difficult for the IT administrators to find those attack attempts within their system and networks. However, vulnerability assessment is not easy due to the complex connections between multi-layered applications, servers, and networks. There are many security functionalities, but it is hard to apply strong security functionality to every information asset. In many cases, especially low computing power devices, authentication is the only or the first defense mechanism. Also, IT administrators continuously remove security vulnerabilities in applications, operating systems, and networks, but security vulnerabilities are repeatedly found due to the vendor's lack of security development process. To establish practical security defense strategy in the multi-layered network environment, we propose an advanced attack path enumeration methodology based on IT asset's reputations and authentication score. A predictive attack path enumeration based on our proposed method can help to find the best defense plan. We demonstrate our approach by design and implementation of a Hacking response measurement system and case study.
Original language | English |
---|---|
Title of host publication | Proceedings - 2016 16th IEEE International Conference on Computer and Information Technology, CIT 2016, 2016 6th International Symposium on Cloud and Service Computing, IEEE SC2 2016 and 2016 International Symposium on Security and Privacy in Social Networks and Big Data, SocialSec 2016 |
Publisher | Institute of Electrical and Electronics Engineers Inc. |
Pages | 241-248 |
Number of pages | 8 |
ISBN (Electronic) | 9781509043149 |
DOIs | |
Publication status | Published - 2017 Mar 10 |
Event | 16th IEEE International Conference on Computer and Information Technology, CIT 2016 - Nadi, Fiji Duration: 2016 Dec 7 → 2016 Dec 10 |
Publication series
Name | Proceedings - 2016 16th IEEE International Conference on Computer and Information Technology, CIT 2016, 2016 6th International Symposium on Cloud and Service Computing, IEEE SC2 2016 and 2016 International Symposium on Security and Privacy in Social Networks and Big Data, SocialSec 2016 |
---|
Other
Other | 16th IEEE International Conference on Computer and Information Technology, CIT 2016 |
---|---|
Country/Territory | Fiji |
City | Nadi |
Period | 16/12/7 → 16/12/10 |
Bibliographical note
Publisher Copyright:© 2016 IEEE.
Keywords
- Attack graph
- Attack path enumeration
- Automated defense
ASJC Scopus subject areas
- Software
- Computer Science Applications
- Computer Networks and Communications
- Information Systems
- Safety, Risk, Reliability and Quality