AbstractTo secure a wealth of data traversing the computer network at your fingertips is compulsory. But when attack arises at various parts of network it is difficult to protect, especially when each incident is investigated separately. Geography is a necessary construct in computer networks. The analytics of geography algorithms and metrics to curate insight from a security problem are a critical method of analysis for computer systems.
A geography based representation is employed to highlight aspects (on a local and global level) of a security problem which are Eigen value, eccentricity, clustering coefficient and cliques. Network security model based on attack undirected geography (AUG) is familiarized. First, analysis based upon association rules is presented then the attack threshold value is set from AUG. The probability of individual attack edge and associated network nodes are computed in order to quantify the security threat. The simulation is exploited to validate that results are effective.
Best services for writing your paper according to Trustpilot
Category: Security and privacy computingKeywords: Attack analysis; Cliques; Clustering coefficient; Network security; Undirected geography I. INTRODUCTIONSecurity maneuver is primarily a data curation problem? in which incident data in concurrence with human operations to develop infrastructure robustness over time is led. Geography in the digital form of gml file, in mathematics is the concept of graph study which is designed to structure associations between nodes, connection lines and vertices. In computer network security, a method based on geography focuses on the context of security incidences by graphing network components and data stream. To extract security context based upon geography concept helps renovate the mentality of incident responders from regular process-driven operation to progressive data analytics. Not to mention it can improve efficiency and help secure day-to-day operations by inaugurating an intelligent system to prevent future attacks. A system with more context to individual well-known attack contributes analysts an informal association of how current’s attack relates to historical incidences or the upcoming one.
It is appropriate to audit the security system and swap outdated ones with advanced analytics. Data security using encryption approach over cloud computing network has been recommended in 1.Recently, the analysis of security alerts using network coding in wireless communication With the increasing demand on the use of technology, it develops more and more important to protect online information.
Network security has steadily become one of the critical tools for leveraging the computer systems. Analysis by incident experts is time consuming 2 and it is difficult to store up-to-date security information for network nodes. A risk assessment model based upon attack graph has been introduced in 3. A model adopts agents and risk association analysis into the design.
Attack graph algorithm is used to collect security information dynamically. The graph to assess the overall risk of any networks can be computed by 4. Attack route, risk index and host name are attained in order to quantify risk assessment at particular network node. The experimental results show the effectiveness and validation of the model. Once security warnings are inspected and taken into account as isolated, independent incidences, security analysts encounter how to determine patterns and relations in order to identify the associations and source of the attack.
In many problems, incident data analysts collected is unstructured and not warehoused in a fashion that avails for automation network has been presented in 5. However, the latency reduction, the improved quality of the wireless connection and the increased throughput are main objectives of the research. There have been several researches based upon network coding for the improvement of network efficiency in wireless environments. Network coding reflects the advantage of increased throughput and efficiency as it can handle higher traffic than the conventional network 6.
Security can be monitoring as a basic requirement for any computer networks as described in 7. The traffic graph concept has been introduced and used to help identify the network structure. From the point of adjacency matrix, potential risks are assessed and the attack is allocated. Multiple attacks and steps are also traced in case of critical situation. The approach based on general graph concept focuses on routing mechanism, analyzes network traffic and monitors activities. In order to monitor real-time based network traffic, the system needs a reliable scheduling mechanism as mentioned in 8. The connection analysis and traffic flow of routing mechanism has been proposed by 9.
But the set of connection can only be applicable to static wireless network. Distributed network coding-aware routing which tolerates packets from two directional flows is encrypted as suggested in 6. In this paper, network security is evaluated by employing the attack associated in the undirected geography. Related to this, the digital geography which is undirected graph is adopted to analyze the attack based on network security metrics.
It becomes more effective if security metrics tend to concentrate on individual network nodes but longer latency and queues. Thus, the analysis is not a good application for time-sensitive services like multimedia or big data. Moreover, once an intermediate router gets an acknowledged packet then it has to relay and this results in augmented delay.This research centers on evaluating the computer network security based on the attack records from undirected geography. All metrics generated by AUG are considered for security issue. First, the computer network has been geographed to compute all relevant parameters. Second, assumptions for the attack model are set, and these variables are used to calculate for possibility of attacks.
Lastly, results and analysis are discussed in order to remark the future research recommendation. II. DIRECTED AND UNDIRECTED GEOGRAPHYA. Directed Geography ModelA digital geography can be mathematically constructed by two components: a set of vertices and linked by edges. In order to model a computer network to a geography representation, it is to consider the network topology and the link (connection) per se 10.
In general, computer nodes are geographed to symbolize devices structured in the network environments while edges represent communication channels for the information flow. Edges also direct the flow of the traffic between nodes. A geography called directed geography consisting of no various edges nor self-loop (diagonally zeroed out in an adjacency matrix). A directed geograph G represents a well-organized but imperfectly connected triple (V(G), E(G),IG) where V(G) is a set of vertices, E(G) is a set of edges and an incidence function IG associating with each edge of G as displayed in Figure 1. matrix (A) and incidence matrix (I) representation of directed geography on five vertices.B.
Undirected Geography ModelThe dissimilarity between an undirected and a directed geography is that the undirected geography becomes a strongly connected one. It is more apparent if the road in the city or all streets are not single direction. If the streets are well connected, then from any part of the city to others can be accessible. Undirected edges are strongly connected but not well-organized pairs of vertices. If all edges are undirected , or bi-directional, then the computer network is called an undirected network (geography). In this research, all geographies are undirected and finite, with optional self-loops and multiple edges. Let an undirected geograph G represents a disordered but perfectly connected triple (V(G), E(G),IG) where V(G) is a set of vertices, E(G) is a set of edges and an incidence function IG associating with each edge of G as shown in Figure 2.
Assume that G consists of n vertices and m edges. Thus the incidence matrix In x m = dij with regard to V(G) and E(G), wheredij=1 when edge ej is incident with vi,0 elsewhere. (1)C. Attack Analytical ModelAttack geography approach is a basic tool to assess the security of computer network 11. It has been used to model the vulnerabilities of the computer systems and their prospective activities. The effective activity directing to minimal loss/damages of the systems is matter of security concern. Task has been performed in detecting, modeling, analyzing, and facilitating the attacks.
But in general, geographies are complicate and hefty to be translated and comprehensive by security analysts. Then in order to determine vulnerabilities in computer network as such and simplify representation of a target system, an attack geography corresponding to a target network for analysis and response must be firstly generated. A vulnerability-based attack can be graphed out, where the condition denotes the system’s state-space or security-related vulnerability and activities are modeled for analysis. This also helps prioritize the security responses in terms of both repair and integrity. Next proposed algorithm as demonstrated in Figure 4 is opted to identify the attacks.
The adjacency matrix An x n represents the link of individual edge in the attack geography. Thus the adjacency matrix points out every step in the attack. Thoroughly in other way round, the rows and columns of A have to be taken into account in order to trace attack steps. Obviously, A can be elevated to any matrices product without upsetting the original structure of the attack geography as listed in Equation 2. The performance of partition algorithm discussed in 12 can be used to obtain a shorter processing time as well as to avoid complexity in calculation cost of which is not beyond O(n2). Moreover, in case of big data processing a solution of parallelization presented in 13 can be utilized.An=i=1nAi (2) Let us assume an attack probability based upon each vulnerability (Pa) can be computed as follows:Pa=i=1npivi (3)where vi is defined as the ith vulnerability employed by the attacker while pi means the attack probability of the according vulnerability.
Note that vulnerabilities in this paper are noticeable by their IDs as listed by the National Vulnerability Database. In order to identify the attack path, a geography of computer network demonstrates the connection between node being attacked by vulnerabilities and particular edges. A geography displays the penetration of vulnerabilities. Apparently a vulnerability-based attack geography can be pictured and then vulnerability attack paths are graphed where a security issue develops the state space. For instance, assuming that there were three different vulnerabilities in the current network topology, v1, v2 and v3. Their dependencies are that v1 v2 v3 which means v1 is the successor of v2 and v3 is the successor of v2 respectively. Suppose node 1 (N1) was detected by (v1, v2), N2 was detected by (v2, v3) and N3 was detected by (v1, v3).
All possible attack paths developed by aforementioned three vulnerabilities can be alert as shown in Table 1.Attack path is a set consisting of the series of nodes and activity in order to achieve the attack goal. The activities are not only inclusive of vulnerabilities and their associations but also the normalized value (where |u| = uu) of these parameters such as load (L), Eigenvalue (E), random-walk (R), closeness (C), degree (D), and cliques (CL) and the weight in the attack path. The attack severity (AS) can be quantified by the computation of AS = PaLERCDCL (4) It is noted that it is typical several attack paths occur simultaneously in the target geography. Spontaneously, the higher number of distributed attacks the lower security as attacker possibly achieves his goal. In order to avoid this successful attack, the highest figure of AS among all attacks (), which can be defined by Equation 5 must be discovered and discarded. =maxi?nASi (5) III.
NETWORK SECURITY MODELUsually no security analyst likes to experience the attack but it extensively comes to life. To lower the damage of attacks cost helps lead to increased productivity. If rapid protection is not provided, the damage cost arises exponentially. Then, specific models and procedures are required to quickly analyze the attack activities.
The geography model of computer network is the common graph concept producing graph structure in the format of geography markup language (gml). GML models are appropriate for the design of computer networks in senses of control, traffic management, and processing capacities 14. The gml model used in this research is introduced in this section.
It is assumed that the target computer network composes of n independent nodes stored in the dataset. The geography dataset is an input of the simulation in which the geography of corresponding network is drawn out as depicted in Figure 3. The network consists of several components such as computers, servers, network hubs, routers, switches and other interconnected devices. The simulation is used to measure the network metrics listed in previous section such as cliques, closeness, degree etc.
Thus the attack severity is computed by Equation 4 based on vulnerabilities, attack paths and network metrics. A surgery application using simulation as a prototype can be found in 15.Table 1.
Possible attack paths.N1v1 N1v2 N3v3 N3v1 N2v2 N2v3N1v1 N1v2 N2v3 N3v1 N2v2 N3v3N1v1 N2v2 N3v3 N3v1 N1v2 N2v3N1v1 N2v2 N2v3 N3v1 N1v2 N3v3Figure 3. The geography of computer network with hundred nodes.-2540-190500IV.
SIMULATION RESULTS AND ANALYSIS In order to simulate the attack geography, the initial structure of synthetic gml dataset with 62 nodes is generated as shown in Figure 5. The different vulnerabilities based upon VID from the National Vulnerability Database (#7419, #7434 and #9276) is also set up to attack on three dissimilar nodes (node 14, 37 and 42). The attack probabilities are assumed to be 0.5, 0.3 and 0.2 for v1, v2 and v3 respectively. The alert of successful attacks on specific nodes is displayed on the attack geography as depicted in Figure 6.
In order to compute for AS, normalized parameters from the attack geography in Figure 5 are taken into account as summarized in Table 2. Noted that results displayed in Table 2 are only the possible figures for each parameter in the ascending order rather than summarizing them in detail of individual node format. Attack severity is calculated as shown in Table 3. It is apparent node 14 needs to be protected immediately as it exhibits the highest AS compared to others.Proposed Algorithm1: Require: Geography Dataset matrix which contains n rows and n columns; List of vulnerability ID (VID);2: Procedure: Find all possible paths under VID attacks from m nodes being attacked; Max. No. of edges per node in the network topology = e ;3: for i = 1 to m do4: for j = 1 to e do5: V.
Path = All.Paths ? Vul.Path.Check = True; /** Vulnerability found **/6: end for7: Compute ASi; /** Compute severity **/8: end for9: Compute ? ;10: Set order to outclass k ?1,2,3,.., m associated to severity level ? ; /** Priority sequence from highest to lowest severity level **/11: for ?k ?m do12: Outclass node k corresponding to k sequence ; 13: end forFigure 4. The proposed algorithm for downsizing nodes under attack.
V. CONCLUSIONQuantitative evaluation for computer network security has critical impacts on the pro-active operation of the network protection. The existing approaches are short of self-controllable mechanism, an appropriate security model has been presented in this paper.
In this regard, the proposed algorithm to evaluate the security of the computer networks is presented. The main contribution of this research is to help analyze AUG to discover the spotted attack in the geography. In practice, AUG fundamentally is complex and outsized then it is not too easy to comprehend. The proposed algorithm helps streamline the geography and makes it comprehensive for security analysts. Proposed algorithm is to calculate the attack severity of vulnerabilities.
The simulation results give the significant immediate response in order to protect the computer networks. Another investigation may include cost-effective analysis for the case of multiple attacks. Assuming the occurrence of vulnerabilities attack follows Markov chain then the approximation method can be used to reduce the complexity in simulation execution in next study.
