Stochastic modeling and evaluation for network security

Jisuanji Xuebao/Chinese Journal of Computers

Volumn 28, Issue 12, 2005, Pages 1943-1956

  Lin, Chuang ^a   Wang, Yang ^a   Li, Quan Lin ^a  

^a TSINGHUA UNIVERSITY   (China)

Author keywords

Attack modeling; Evaluation technique; Network security; Stochastic modeling; Survivability analysis

Indexed keywords

COMPUTER CRIME; COMPUTER NETWORKS; COMPUTER SOFTWARE SELECTION AND EVALUATION; MATHEMATICAL MODELS; PROBABILITY;

ATTACK MODELING; EVALUATION TECHNIQUE; NETWORK SECURITY; STOCHASTIC MODELING; SURVIVABILITY ANALYSIS;

SECURITY OF DATA;

EID: 30544436241     PISSN: 02544164     EISSN: None     Source Type: Journal    
DOI: None     Document Type: Article

References (55)

1. Chang R. K. C.. Defending against flooding-based distributed denial of service attacks: A tutorial. IEEE Communications Magazine, 2002, 40(10): 42-51
2. Landwehr C.. Formal models for computer security. Computer Surveys, 1981, 13(3): 247-278
3. Lowry J.. An initial foray into understanding adversary planning and courses of action. In: Proceedings of DARPA Information Survivability Conference and Exposition II (DTSCEX'01), Anaheim, CA, 2001, 1: 123-133
4. Sanders W. H., Cukier M., Webber F., Pal P., Watro R.. Probabilistic validation of intrusion tolerance. In: Proceedings of International Conference on Dependable Systems and Networks (DSN-2002), Washington, DC, 2002, Supplemental Volume B-78-B-79
5. Littlewood B., Brocklehurst S., Fenton N., Mellor P., Page S., Wright D.. Towards operational measures of computer security. Computer Security, 1993, 2(2/3): 211-230
6. Nicol D. M., Sanders W. H., Trivedi K. S.. Model-based evaluation: From dependability to security. IEEE Transactions on Dependability and Security, 2004, 1(1): 48-65
7. Avizienis A., Laprie J. C., Randell B., Landwehr C.. Basic concepts and taxonomy of dependable and secure computing. IEEE Transactions on Dependable and Secure Computing, 2004, 1(1): 11-33
8. Daley K., Larson R., Dawkins J.. A structural framework for modeling multi-stage network attacks. In: Proceedings of ICPP Workshops, Vancouver, BC, Canada, 2002, 5-10
9. Sheyner O., Hames J., Jha S., Lippmann R., Wing J.. Automated generation and analysis of attack graphs, In: Proceedings of 2002 IEEE Symposium on Security and Privacy, Berkeley, California, USA, 2002, 273-284
10. Jha S., Sheyner O., Wing J. M.. Two formal analyses of attack graphs. In: Proceedings of Computer Security Foundations Workshop (CSFW), Nova Scotia, Canada, 2002, 49-63
11. Phillips C., Swiler L.. A graph-based system for network vulnerability analysis. In: Proceedings of ACM New Security Paradigms Workshop, Charlotlesville, VA, 1998, 71-79
12. Swiler L. P., Phillips C., Ellis D., Chakerian S.. Computer-attack graph generation tool. In: Proceedings of the DARPA Information Survivability Conference and Exposition II, Anaheim, CA, 2001, 307-321
13. Ortalo R., Deswarte Y., Kaaniche M.. Experimenting with quantitative evaluation tools for monitoring operational security. IEEE Transactions on Software Engineering, 1999, 25(5): 633-650
14. Dolev D., Yao A.. On the security of public key protocols. IEEE Transactions on Information Theory, 1983, 29(2): 198-208
15. Marrero W., Clark E., Jha S.. Modeling checking for security protocols. Carnegie Mellon University: Technical Report CMU-SCS-97-139, 1997
16. Besson F., Jensen J., Metayer D. L., Thorn T.. Model checking security properties of control flow graphs. Computer Security, 2001, 9(3): 217-250
17. Ritchey R., Ammann P.. Using model checking to analyze network vulnerabilities. In: Proceedings of IEEE Symposium on Security and Privacy, Oakland, California, USA, 2000, 156-165
18. Wang F., Gong F., Sargor C., Goseva-Popstojanova K., Trivedi K. S., Jou F.. SITAR: Scalable intrusion tolerance architecture for distributed services. In: Proceedings of IEEE Second SMC Information Assurance Workshop, West Point, New York, USA, 2001, 38-45
19. Wang D., Madan B., Trivedi K. S.. Security analysis of SI-TAR intrusion-tolerant system. In: Proceedings of ACM Workshop Survivable and Self-Regenerative Systems, Fairfax, VA, 2003, 23-32
20. Madan B., Goseva-Popstojanova K., Vaidyanathan K., Trivedi K. S.. Modeling and quantification of security attributes of software systems. In: Proceedings of International Conference on Dependable Systems and Networks, Washington, DC, USA, 2002, 505-514
21. Madan B., Goseva-Popstojanova K., Vaidyanathan K., Trivedi K. S.. A method for modeling and quantifying the security attributes of intrusion tolerant systems. Performance Evaluation, 2004, 56(1-4): 167-186
22. McDermott J.. Attack-potential-based survivability modeling for high-consequence systems. In: Proceedings of the 3rd IEEE International Workshop on Information Assurance (IWIA'05), Callege Park, Maryland, USA, 2005, 119-130
23. Liu Y., Trivedi K. S.. A general framework for network survivability quantification. In: Proceedings of the 12th GI/ITG Conf. Measuring, Modelling and Evaluation of Computer and Comm. Systems (MMB) together with Third Polish-German Teletraffic Symposium (PGTS), Dresden, Germany, 2004, 369-378
24. Chen D., Garg S., Trivedi K. S.. Network survivability performance evaluation: A quantitative approach with applications in wireless ad-hoc networks. In: Proceedings of the 5th ACM International Workshop on Modeling, Analysis and Simulation of Wireless and Mobile Systems (MSWiM 2002), Atlanta, 2002, 61-68
25. Jha S., Linger R., Longstaff T., Wing J.. Survivability analysis of network specifications. In: Proceedings of Workshop on Dependability Despite Malicious Faults. In: Proceedings of International Conference on Dependable Systems and Networks (DSN), New York, USA, 2000, 613-622
26. Humphries J. W., Pooch U. W.. Secure mobile agents for network vulnerability scanning. In: Proceedings of the 2000 IEEE Workshop on Information Assurance and Security, United States Military Academy, West Point, New York, 2000, 19-25
27. Qu G., Jayaprakash, Ramkishore M., Hariri S., Raghavendra C. S.. A framework for network vulnerability analysis. In: Proceedings of the 1st IASTED International Conference on Communications, Internet, Information Technology (CIIT 2002), St. Thomas, Virgin Islands, USA, 2002, 289-298
28. Moore A. P., Ellison R. J., Linger R. C.. Attack modeling for information security and survivability. Carnegie Mellon University: Technical Note CMV/SEI-2001-TH-001, 2001
29. Jonsson E., Olovsson T.. A quantitative model of the security intrusion process based on attacker behavior. IEEE Transactions on Software Engineering, 1997, 23(4): 235-245
30. Mahimkar A., Shmatikov V.. Game-based analysis of Denial-of-service prevention protocols. In; Proceedings of the IEEE Computer Security Foundations Workshop (CSFWOS), Aix-en-Provence, France, 2005, 287-301
31. Xia Zheng-You, Zhang Shi-Yong. A kind of network security behavior model based on game theory. In: Proceedings of the 4th International Conference on Parallel and Distributed Computing, Applications and Technologies, PDCAT, Chengdu, China, 2003, 950-954
32. Avizenis A., Laprie J., Randell B.. Fundamental concepts of dependability. In: Proceedings of the 3rd Information Survivability Workshop, Boston, MA, 2000, 7-12
33. Goseva-Postojanova K., Wang F., Wang R., Gong F., Vaidyanathan K., Trivedi K. S., Muthusamy B.. Characterizing intrusion tolerant systems using a state transition model. In: Proceedings of DARPA DISCEX II Conference, 2001, II(2): 211-221
34. Schneier B.. Secrets and Lies: Digital Security in a Networked World. New York: John Wiley and Sons, 2000
35. Dacier M.. Towards quantitative evaluation of computer security[Ph. D. dissertation]. Institute National Polytechnique de Toulouse, France, 1994
36. Stevens F., Courtney T., Singh S., Agbaria A., Meyer J. F., Sanders W. H., Pal P.. Model-based validation of an intrusion-tolerant information system. In: Proceedings of the 23rd Symposium, on Reliable Distributed Systems (SRDS 2004), Florianopolis, Brazil, 2004, 184-194
37. Singh S., Cukier M., Sanders W. H.. Probabilistic validation of an intrusion-tolerant replication system. In: Proceedings of the International Conference on Dependable Systems and Networks, San Francisco, CA, USA, 2003, 616-624
38. Gupta V., Lam V. V., Ramasamy H. V., Sanders W. H., Singh S.. Dependability and performance evaluation of intrusion-tolerant server architectures. In: Proceedings of the 1st Latin-Am. Symposium (LADC 2003), Sao Paulo, Brazil, 2003, 81-101
39. Kemeney J. G., Snell J. L.. Finite Markov Chains. New York: Springer-Verlag, 1960
40. Buchholz P.. Exact and ordinary lumpability in finite Markov chains. Applied Probability, 1994, 31: 59-74
41. Buchholz P.. Efficient computation of equivalent and reduced representations for stochastic automata. Computer Systems Science and Engineering, 2000, 15(2): 93-103
42. Bobbio A., Trivedi K. S.. An aggregation technique for the transient analysis of stiff Markov chains. IEEE Transactions on Computers, 1986, 35(9): 803-814
43. Daly D., Buchholz P., Sanders W. H.. An approach for bounding reward measures in Markov models using aggregation. University of Illinois at Urbana-Champaign Coordinated Science Laboratory: Technical Report Italy, UILV-ENG-04-2206 (CRHC-04-06), 2004
44. Ciardo G., Lüttgen G., Siminiceanu R.. Saturation: An efficient iteration strategy for symbolic state-space generation. In: Proceedings of International Conference Tools and Algorithms for the Construction and Analysis of Systems, Gevona, Italy, 2001, 328-342
45. Miner A. S.. Efficient solution of GSPNs using canonical matrix diagrams. In: Proceedings of the 9th International Workshop Petri Nets and Performance Models, Aachen, Germany, 2001, 101-110
46. Deavours D. D., Sanders W. H.. An efficient disk-based tool for solving large Markov models. Performance Evaluation, 1998, 33(1): 67-84
47. Lam V. V., Buchholz P., Sanders W. H.. A structured path-based approach for computing transient rewards of large CT-MCs. In: Proceedings of the 1st International Conference Quantitative Evaluation of Systems (QEST), Enschede, The Netherlands, 2004, 136-145
48. Hillston J.. A Compositional Approach to Performance Modeling. Cambridge: Cambridge University Press, 1996
49. Dacier M., Deswarte Y., Kaaniche M.. Quantitative assessment of operational security: Models and tools. Laboratory for Analysis and Architecture of Systems: Technical Report 96493, 1996
50. Erank H.. Survivability analysis of command and control communications networks-part I, II. IEEE Transactions on Communications, 1974, 22(5): 589-605
51. Knight J., Sullivan K.. On the definition of Survivability. Department of Computer Science, University of Virginia: Technical Report CS-00-33, 2000
52. Liew S. C., Lu K. W.. A framework for characterizing disaster-based network Survivability. IEEE Journal on Selected Areas in Communications, 1994, 12(1): 52-58
53. T1A1.2 Working Group on Network Survivability Performance, Technical report on enhanced network Survivability performance, Technical Report ANSI, T1. TR. 68, 2001
54. Lin Chuang, Peng Xue-Hai. Research on trustworthy networks. Chinese Journal of Computers, 2005, 28(5): 751-758 (in Chinese)
55. Avizienis A.. Design of fault-tolerant computers. In: Proceedings of AFIPS, Washington, DC, 1967, 31: 733-743