Attack Modeling for an Internet Security Simulation

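  • 서정국 (Department of Information and Communication, Graduate School, Ajou University) ;
  • 최경희 (Department of Information and Communication, Ajou University) ;
  • 정기현 (Division of Electronics Engineering, Ajou University) ;
  • 박승규 (Department of Information and Communication, Ajou University) ;
  • 심재홍 (Division of Internet Software Engineering, Chosun University)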
  • Published : 2004.04.01

Abstract

As the use of the Internet has explosively increased, the Internet is likely to be exposed to various attacks. Modeling Internet attacks is essential for simulating them. However, the existing studies on attack modeling have mainly focused on classifying and categorizing attacks, and consequently they are not suitable for representing attack scenarios in an Internet security simulation. In this paper, we introduce the existing methods of attack modeling and propose an adapted attack modeling method that properly expresses the properties needed by an Internet security simulator. The adapted method offers a solution to the problems of existing attack tree models, such as the difficulty of composing complex scenarios, ambiguity of attack sequence, and lack of system state information. It can also represent simultaneous attacks, precisely time-dependent attacks, and attack periods, which are nearly impossible to represent in many other existing methods.

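With the recent explosive growth in Internet use, the Internet has become exposed to a variety of attacks. To simulate these Internet attacks, the attacks must be modeled effectively. However, existing Internet attack modeling techniques focus on simply classifying attacks by their characteristics or dividing them into types, and they have not been suitable for expressing attack scenarios for Internet security simulation. In this paper, we improve on the existing tree-based attack modeling technique so that it can be used as an attack modeling technique for Internet security simulation. The improved technique resolves problems of existing tree-based modeling techniques, such as the inability to express complex scenarios, ambiguity in the order of attack execution, and the lack of system state information. It also makes it possible to express simultaneous attacks and to specify precise attack start times and durations, which could not be described with existing modeling techniques.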
