The Community for Technology Leaders
Green Image
Issue No. 04 - July-Aug. (2016 vol. 13)
ISSN: 1545-5971
pp: 474-487
Hussain M.J. Almohri , Department of Computer Science, Kuwait University, Kuwait
Layne T. Watson , Departments of Computer Science and Mathematics, Virginia Tech, Blacksburg, VA
Danfeng Yao , Department of Computer Science, Virginia Tech, Blacksburg, VA, 24060
Xinming Ou , Department of Computing and Information Sciences, Kansas State University, Manhattan, KS
ABSTRACT
Securing the networks of large organizations is technically challenging due to the complex configurations and constraints. Managing these networks requires rigorous and comprehensive analysis tools. A network administrator needs to identify vulnerable configurations, as well as tools for hardening the networks. Such networks usually have dynamic and fluidic structures, thus one may have incomplete information about the connectivity and availability of hosts. In this paper, we address the problem of statically performing a rigorous assessment of a set of network security defense strategies with the goal of reducing the probability of a successful large-scale attack in a dynamically changing and complex network architecture. We describe a probabilistic graph model and algorithms for analyzing the security of complex networks with the ultimate goal of reducing the probability of successful attacks. Our model naturally utilizes a scalable state-of-the-art optimization technique called sequential linear programming that is extensively applied and studied in various engineering problems. In comparison to related solutions on attack graphs, our probabilistic model provides mechanisms for expressing uncertainties in network configurations, which is not reported elsewhere. We have performed comprehensive experimental validation with real-world network configuration data of a sizable organization.
INDEX TERMS
security of data, graph theory, linear programming, probability
CITATION

H. M. Almohri, L. T. Watson, D. Yao and X. Ou, "Security Optimization of Dynamic Networks with Probabilistic Graph Modeling and Linear Programming," in IEEE Transactions on Dependable and Secure Computing, vol. 13, no. 4, pp. 474-487, 2016.
doi:10.1109/TDSC.2015.2411264
235 ms
(Ver 3.3 (11022016))