{"title":"A Heuristic Approach to Minimum-Cost Network Hardening Using Attack Graph","authors":"T. Islam, Lingyu Wang","doi":"10.1109/NTMS.2008.ECP.9","DOIUrl":null,"url":null,"abstract":"Network hardening answers the following critical question in defending against multi-step intrusions: Which vulnerabilities must be removed in order to prevent any attacker from reaching the given goal conditions. Existing approaches usually derive a logic proposition to represent the negation of the goal conditions in terms of initially satisfied conditions. In the disjunctive normal form (DNF) of the logic proposition, each disjunction then provides a viable solution to network hardening. However, such solutions suffer from an exponential time complexity. In this work, we study heuristic methods for solving this important problem with a reasonable complexity. We evaluate our proposed solution through comprehensive experiments. The results show that our solution can achieve comparable costs of network hardening in much less time than the optimal solution.","PeriodicalId":432307,"journal":{"name":"2008 New Technologies, Mobility and Security","volume":"5 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2008-11-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"26","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2008 New Technologies, Mobility and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/NTMS.2008.ECP.9","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 26
Abstract
Network hardening answers the following critical question in defending against multi-step intrusions: Which vulnerabilities must be removed in order to prevent any attacker from reaching the given goal conditions. Existing approaches usually derive a logic proposition to represent the negation of the goal conditions in terms of initially satisfied conditions. In the disjunctive normal form (DNF) of the logic proposition, each disjunction then provides a viable solution to network hardening. However, such solutions suffer from an exponential time complexity. In this work, we study heuristic methods for solving this important problem with a reasonable complexity. We evaluate our proposed solution through comprehensive experiments. The results show that our solution can achieve comparable costs of network hardening in much less time than the optimal solution.