Diversity and Defence in Depth for Security - A Probabilistic Approach (D3S)


Basic information

  • Grant number:
    EP/M019462/1
  • Principal investigator:
  • Amount:
    $717,500
  • Host institution:
  • Host institution country:
    United Kingdom
  • Project category:
    Research Grant
  • Fiscal year:
    2015
  • Funding country:
    United Kingdom
  • Duration:
    2015 to (no data)
  • Project status:
    Completed

Project summary

An important part of security is defence in depth: multiple layers of defence used to reduce the probability of a successful attack on a system or organisation. Crucially, for defence in depth these defences must be diverse in their ability to detect and/or prevent intrusion attempts. Here, as in security in general, there is a need to support decisions through quantitative approaches, seeking to answer questions like: "should a given available budget be spent on a specific defence X, or on two weaker defences Y and Z which, if combined, promise better security than X alone?", "in this threat environment, what is the likelihood of a successful intrusion achieving damage worth D over one year?", etc. This project aims to produce methods for answering such questions, inevitably in probabilistic terms, with a clear understanding of how much trust can be put in these methods.

We will consider these layers of defence: AntiVirus (AV) products, Intrusion Detection Systems (IDS) and Firewalls, as well as the implicit layers of defence created by the inherent robustness to attack of the applications and platforms being attacked (e.g. diverse operating systems and applications).

The probabilistic models that will result from this research will be of two broad types:

  • Conceptual models: models used to conceptualise the problem domain and to enable understanding of the relative importance of different factors and of the theoretical limits of the benefits of diversity within the various protection layers, but defined at a reasonably high level of abstraction, which makes it difficult to observe and quantify the parameters of these models in practice.
  • Operational models: models whose parameters can be observed, so that the model can be used in operation for security assessment and prediction.

Successful operational models achieve prediction, given a sequence of previous observations, in the presence of limited change. Successful conceptual models more modestly clarify non-intuitive universal truths and help to analyse scenarios (e.g. showing best- and worst-case effects rather than likely effects) for which data are insufficient for prediction.

The open problems that we address regarding the assessment of the potential gains from defence in depth include:

  • Designing multi-layered defences. There are at least three dimensions to the design:
    • The choice of diversity architecture: how many devices, how many types of devices, etc.
    • How they are combined (e.g., for products that flag possible attacks, whether a security response requires consensus among multiple layers, just one layer to give an alarm, or a certain majority).
    • The nature of the assets to be protected.
  • Security requirements are usually expressed in terms of (at least) three constituent attributes: Confidentiality, Integrity and Availability (CIA). An important issue is that designs that improve one of these attributes may make others worse, and probabilistic models help to manage these trade-offs.
  • There is a difference between measuring how secure a defence system has been in the past and predicting how secure it will be, as attackers develop new techniques and security vendors try to adapt. We need methods that allow us to predict the security of one (or several) layers of defences based on what we have seen in the past. Predictions may be in terms of the probabilities of: the time to next attack; the rate of attacks that we can expect in a given time interval; vulnerabilities existing in a set of defences; etc. Since these will never be infallible, we need methods for assessing how well they perform, so that their users know how much confidence to have in these predictions.
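The summary's "how they are combined" dimension and its budget question (X alone versus Y and Z combined) can be made concrete with a small conceptual model. The following is an added illustration, not code or data from the D3S project: per-layer detection probabilities are constructed values, `k_of_n_detection` assumes the layers miss an attack independently, and `two_layer_bounds` gives the best and worst cases that hold for any correlation between two layers, which is the kind of bound the summary says conceptual models should expose when data are insufficient.

```python
from itertools import product


def k_of_n_detection(probs, k):
    """Probability that at least k of n layers detect an attack, assuming the
    layers fail independently (constructed conceptual model, not D3S data)."""
    total = 0.0
    for outcome in product((0, 1), repeat=len(probs)):
        if sum(outcome) < k:
            continue
        pr = 1.0
        for p, hit in zip(probs, outcome):
            pr *= p if hit else 1.0 - p
        total += pr
    return total


def two_layer_bounds(p_a, p_b, rule):
    """Worst and best case for two layers given only their individual detection
    probabilities, with no assumption about how correlated their misses are."""
    if rule == "any":    # 1-out-of-2: an alarm from either layer counts
        return max(p_a, p_b), min(1.0, p_a + p_b)
    if rule == "both":   # 2-out-of-2: consensus required before responding
        return max(0.0, p_a + p_b - 1.0), min(p_a, p_b)
    raise ValueError(f"unknown rule {rule!r}")


def compare_budget_options(p_x, p_y, p_z):
    """The summary's budget question: one defence X versus two weaker defences
    Y and Z combined 1-out-of-2. Returns X next to the independent estimate and
    the worst/best cases for Y+Z, so the decision can be read off the spread."""
    lo, hi = two_layer_bounds(p_y, p_z, "any")
    return {
        "x": p_x,
        "yz_independent": k_of_n_detection([p_y, p_z], 1),
        "yz_worst": lo,
        "yz_best": hi,
    }


if __name__ == "__main__":
    # Constructed per-layer detection probabilities for AV, IDS and firewall.
    layers = [0.9, 0.8, 0.7]
    for k in (1, 2, 3):
        print(f"at least {k} of 3 layers detect: {k_of_n_detection(layers, k):.3f}")
    # The same rule applied to constructed per-layer false-alarm probabilities
    # shows the availability cost of a 1-out-of-n rule (the CIA trade-off).
    false_alarms = [0.05, 0.10, 0.02]
    print(f"1-of-3 false alarm rate: {k_of_n_detection(false_alarms, 1):.3f}")
    print(compare_budget_options(0.95, 0.9, 0.8))
```

With the constructed values, Y+Z beats X (0.98 against 0.95) only under the independence assumption; the worst case for Y+Z (0.9, fully correlated misses) is below X, which is exactly why the summary insists that diversity between layers must be assessed rather than assumed.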

Project outputs

Journal articles (10)
Monographs (0)
Research awards (0)
Conference papers (0)
Patents (0)
A perspective-retrospective analysis of diversity in signature-based open-source network intrusion detection systems
Dynamical analysis of diversity in rule-based open source network intrusion detection systems
Using Diverse Detectors for Detecting Malicious Web Scraping Activity
  • DOI:
    10.1109/dsn-w.2018.00033
  • Published:
    2018
  • Journal:
  • Impact factor:
    0
  • Authors:
    Marques P
  • Corresponding author:
    Marques P
Finding SQL Injection and Cross Site Scripting Vulnerabilities with Diverse Static Analysis Tools
  • DOI:
    10.1109/edcc.2018.00020
  • Published:
    2018
  • Journal:
  • Impact factor:
    0
  • Authors:
    Algaith A
  • Corresponding author:
    Algaith A
vepRisk - A Web Based Analysis Tool for Public Security Data
  • DOI:
    10.1109/edcc.2017.30
  • Published:
    2017
  • Journal:
  • Impact factor:
    0
  • Authors:
    Andongabo A
  • Corresponding author:
    Andongabo A

Other publications by Ilir Gashi

Supporting Decision-Making for Biometric System Deployment through Visual Analysis
Cluster-Based Vulnerability Assessment Applied to Operating Systems
Interoperability in fingerprint recognition: A large-scale empirical study
Analysis of operating system diversity for intrusion tolerance
  • DOI:
    10.1002/spe.2180
  • Published:
    2014
  • Journal:
  • Impact factor:
    0
  • Authors:
    Miguel Garcia; A. Bessani; Ilir Gashi; Nuno Ferreira Neves; R. Obelheiro
  • Corresponding author:
    R. Obelheiro
Diversity in Open Source Intrusion Detection Systems


Similar overseas grants

Antarctica's leaky defence to poleward heat transport
  • Grant number:
    DP240102358
  • Fiscal year:
    2024
  • Funding amount:
    $717,500
  • Project category:
    Discovery Projects
Acute senescence: a novel host defence counteracting typhoidal Salmonella
  • Grant number:
    MR/X02329X/1
  • Fiscal year:
    2024
  • Funding amount:
    $717,500
  • Project category:
    Fellowship
Revolutionising the Defence Supply Chain through Space-enabled Materials & Manufacturing Processes (M&MP)
  • Grant number:
    10087518
  • Fiscal year:
    2024
  • Funding amount:
    $717,500
  • Project category:
    Collaborative R&D
BREX phage defence: expanding the role of cyclic nucleotide signalling in the prokaryotic immune system
  • Grant number:
    BB/Y003659/1
  • Fiscal year:
    2024
  • Funding amount:
    $717,500
  • Project category:
    Research Grant
Innate interferons in epithelial defence against respiratory viruses
  • Grant number:
    MR/X001598/1
  • Fiscal year:
    2023
  • Funding amount:
    $717,500
  • Project category:
    Fellowship
The evolution of plant chemical defence
  • Grant number:
    2887533
  • Fiscal year:
    2023
  • Funding amount:
    $717,500
  • Project category:
    Studentship
Plasmodesmata as regulators of the growth-defence trade-off
  • Grant number:
    BB/X007685/1
  • Fiscal year:
    2023
  • Funding amount:
    $717,500
  • Project category:
    Research Grant
Vulnerability Defence: From Interpretable to Trustworthy Threat Assessment
  • Grant number:
    DE230100116
  • Fiscal year:
    2023
  • Funding amount:
    $717,500
  • Project category:
    Discovery Early Career Researcher Award
Cranfield University and Richmond Defence Systems Limited KTP 22_23 R4
  • Grant number:
    10055362
  • Fiscal year:
    2023
  • Funding amount:
    $717,500
  • Project category:
    Knowledge Transfer Partnership
Aston University and Pharmacists' Defence Association (The) KTP22_23 R5
  • Grant number:
    10066744
  • Fiscal year:
    2023
  • Funding amount:
    $717,500
  • Project category:
    Knowledge Transfer Partnership