Browse > Article
http://dx.doi.org/10.3745/KIPSTC.2004.11C.2.183

Attack Modeling for an Internet Security Simulation  

Seo, Jung-Kuk (아주대학교 대학원 정보통신학과)
Choi, Kyung-Hee (아주대학교 정보통신학과)
Jung, Gi-Hyun (아주대학교 전자공학부)
Park, Seung-Kyu (아주대학교 정보통신학과)
Sim, Jae-Hong (조선대학교 인터넷소프트웨어공학부)
Publication Information
The KIPS Transactions:PartC / v.11C, no.2, 2004 , pp. 183-192 More about this Journal
Abstract
As the use of the Internet has explosively increased, it is likely for the Internet to be exposed to various attacks. Modeling the Internet attacks is essential to simulate the attacks. However, the existing studies on attack modeling have mainly focused on classifying and categorizing the attacks and consequently they are not suitable to representing attack scenarios in the Internet security simulation. In this paper, we introduce the existing methods of attack modeling, and propose an adapted attack modeling to properly express the properties for the Internet security simulator. The adapted attack modeling suggests a solution to the problems of the existing attack tree modelings, such as difficulty of composing complex scenarios ambiguity of attack sequence, lack of system state information. And it can represent simultaneous, precise time-dependent attack, and attack period, which are nearly impossible to be represented in many other existing methods.
Keywords
Information Warfare; Internet Attack; Internet Security Simulation; Attack Modeling;
Citations & Related Records
Times Cited By KSCI : 1  (Citation Analysis)
연도 인용수 순위
1 Donald Welch and Greg Conti, 'A Framework for an Information Warfare Simulation,' Proceedings of the 2001 IEEE, Workshop on Information Assurance and Securtiy, United States Military Academy, West Point, NY, June, 2001
2 T. Aslam, I. Krsul and E. Spafford, 'Use of a Taxonmy of Security Faults,' Proceedings of the 19th NIST-NCSC National Informaiton System Security Conference, pp.551-560, 1996
3 J. Howard, 'An Analysisn of Security Incidents on the Internet 1989~1995,' PhD Dissertation, Department of Engineering and Public Policy, Carnegie Mellon University, Pittsburgh, Pennsylvania, 1997
4 The MITRE Corporation, 'Common Vulnerabilities and Exposures,' , http://cve.mitre.org
5 Shabana Razak, Mian Zhon and Sheau-Dong Lang, 'Network Intrusion Simulation Using OPNET,' Proceedings of OPNETWORK2002 Conference, Washington, USA, Sept., 2002
6 S. Kumar, 'Classification and Detection of computer Intrusions,' Phd Dissertation, Department of Computer Science, Purdue University, West Lafayette, Indiana, 1995
7 J. Mcdermott, 'Attack Net Penetration Testing,' In the New Security Paradigms Workshop (Ballycotton, County Cork, Ireland, Sept. 2000), ACM SIGSAC, ACM Press, pp.15-22, 2000
8 U. Lindqvist and E. Jonsson, 'How to Systematically Classify Computer Security Intrusions,' Proceedings of th IEEE Symposium on Security and Privacy, pp.154-163   DOI
9 Jan Steffan, Markus Schumacher, 'Collaborative Attack Modeling,' Proceedings of the 2002 ACM Symposium on Applied Computing, Madrid, Spain, 2002   DOI
10 The National Institute of Standards and Technology, 'ICAT Metabase,' http://icat.nist.gov
11 James H. Cowie, 'Scalable Simulation Framework API Reference Maunal,' Version 1.0 Decument Draft-Revision, March, 1999, http://www.ssfnet.org
12 T. Tidwell, 'Modeling Internet Attack' Proceedings of the 2001 IEEE, Workshop on Informaiton Assurance and Security, United States Miultary Academy, West Point, NY, June, 2001
13 B. Schneier, 'Attack Tree' Secrets and Lies. pp. 318-333, John Wiley and Sons, New York
14 Paul Ammann, Duminda Wijesekera, and Saket Kaushik, 'Scalable, graph-based network vulnerabillity analysis,' Proceedings of the 9th AMC Conference on Computer and Communications Xecurity, Washington, DC, USA, 2002   DOI
15 SSF Research Network, 'SSF Simulator Implementation,' http://www.ssfnet.org/ssfImplementations.html
16 Kristopher Daley, Ryan Larson, and Jerald Dawkins, 'A Structural Framework for Modeling Multi-Stage Network Attacks,' Proceedings of the 2002 IEEE, International Conference on Parallel Processing Workshop(ICPPW'02), Vancouver, Bc., Canada, August, 2002   DOI