CISPA
Browse
cispa_all_2887.pdf (669.68 kB)

Towards Automated Network Mitigation Analysis

Download (669.68 kB)
conference contribution
posted on 2023-11-29, 18:10 authored by Patrick Speicher, Marcel Steinmetz, Jörg Hoffmann, Michael BackesMichael Backes, Robert KünnemannRobert Künnemann
Penetration testing is a well-established practical concept for the identification of potentially exploitable security weaknesses and an important component of a security audit. Providing a holistic security assessment for networks consisting of several hundreds hosts is hardly feasible though without some sort of mechanization. Mitigation, prioritizing counter-measures subject to a given budget, currently lacks a solid theoretical understanding and is hence more art than science. In this work, we propose the first approach for conducting comprehensive what-if analyses in order to reason about mitigation in a conceptually well-founded manner. To evaluate and compare mitigation strategies, we use simulated penetration testing, i.e., automated attack-finding, based on a network model to which a subset of a given set of mitigation actions, e.g., changes to the network topology, system updates, configuration changes etc. is applied. Using Stackelberg planning, we determine optimal combinations that minimize the maximal attacker success (similar to a Stackelberg game), and thus provide a well-founded basis for a holistic mitigation strategy. We show that these Stackelberg planning models can largely be derived from network scan, public vulnerability databases and manual inspection with various degrees of automation and detail, and we simulate mitigation analysis on networks of different size and vulnerability.

History

Preferred Citation

Patrick Speicher, Marcel Steinmetz, Jörg Hoffmann, Michael Backes and Robert Künnemann. Towards Automated Network Mitigation Analysis. In: Selected Areas in Cryptography (SAC). 2019.

Primary Research Area

  • Threat Detection and Defenses

Name of Conference

Selected Areas in Cryptography (SAC)

Legacy Posted Date

2019-05-23

Open Access Type

  • Unknown

BibTeX

@inproceedings{cispa_all_2887, title = "Towards Automated Network Mitigation Analysis", author = "Speicher, Patrick and Steinmetz, Marcel and Hoffmann, Jörg and Backes, Michael and Künnemann, Robert", booktitle="{Selected Areas in Cryptography (SAC)}", year="2019", }

Usage metrics

    Categories

    No categories selected

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC