Research Methodolgy & Intellectual Property Rights Series 1
SECURITY OPTIMIZATION OF DYNAMIC NETWORKS WITH PROBABILISTIC GRAPH MODELING AND LINEAR PROGRAMMING
1. SECURITY OPTIMIZATION OF DYNAMIC NETWORKS
WITH PROBABILISTIC GRAPH MODELING
AND LINEAR PROGRAMMING
ABSTRACT
Securing the networks of large organizations is technically challenging due to the
complex configurations and constraints.Managing these networks requires rigorous and
comprehensive analysis tools. A network administrator needs to identify vulnerable
configurations, as well as tools for hardening the networks. Such networks usually have dynamic
and fluidic structures,thus one may have incomplete information about the connectivity and
availability of hosts. In this paper, we address the problem of statically performing a rigorous
assessment of a set of network security defense strategies with the goal of reducing the
probability of a successful large-scale attack in a dynamically changing and complex network
architecture. We describe a probabilistic graph model and algorithms for analyzing the security
of complex networks with the ultimate goal of reducing the probability of successful attacks. Our
model naturally utilizes a scalable state-of-the-art optimization technique called sequential linear
programming that is extensively applied and studied in various engineering problems. In
comparison to related solutions on attack graphs, our probabilistic model provides mechanisms
for expressing uncertainties in network configurations, which is not reported elsewhere. We have
performed comprehensive experimental validation with real-world network configuration data of
a sizable organization.