Impact Analysis of System and Network Attacks
Total Page:16
File Type:pdf, Size:1020Kb
View metadata, citation and similar papers at core.ac.uk brought to you by CORE provided by DigitalCommons@USU Utah State University DigitalCommons@USU All Graduate Theses and Dissertations Graduate Studies 12-2008 Impact Analysis of System and Network Attacks Anupama Biswas Utah State University Follow this and additional works at: https://digitalcommons.usu.edu/etd Part of the Computer Sciences Commons Recommended Citation Biswas, Anupama, "Impact Analysis of System and Network Attacks" (2008). All Graduate Theses and Dissertations. 199. https://digitalcommons.usu.edu/etd/199 This Thesis is brought to you for free and open access by the Graduate Studies at DigitalCommons@USU. It has been accepted for inclusion in All Graduate Theses and Dissertations by an authorized administrator of DigitalCommons@USU. For more information, please contact [email protected]. i IMPACT ANALYSIS OF SYSTEM AND NETWORK ATTACKS by Anupama Biswas A thesis submitted in partial fulfillment of the requirements for the degree of MASTER OF SCIENCE in Computer Science Approved: _______________________ _______________________ Dr. Robert F. Erbacher Dr. Chad Mano Major Professor Committee Member _______________________ _______________________ Dr. Stephen W. Clyde Dr. Byron R. Burnham Committee Member Dean of Graduate Studies UTAH STATE UNIVERSITY Logan, Utah 2008 ii Copyright © Anupama Biswas 2008 All Rights Reserved iii ABSTRACT Impact Analysis of System and Network Attacks by Anupama Biswas, Master of Science Utah State University, 2008 Major Professor: Dr. Robert F. Erbacher Department: Computer Science Systems and networks have been under attack from the time the Internet first came into existence. There is always some uncertainty associated with the impact of the new attacks. Compared to the problem of attack detection, analysis of attack impact has received very little attention. Generalize and forecasting the kind of attack that will hit systems in future is not possible. However, it is possible to predict the behavior of a new attack and, thereby, the impact of the attack. This thesis proposes a method for predicting the impact of a new attack on systems and networks as well as the severity of the impact of the new attack. The prediction is based on the assumption that a future attack will be similar to already existing attacks. The severity of the attack depends on a few specific system/network parameters identified in this thesis. The cumulative effect of an attack is a summation of the behavior of these identified parameters during the attack. The suggested method is based on simulating a selected number of existing attacks, collecting the results of the impact of these attacks, and using them along with attack graphs to automatically detect the impact of a new attack. A formula is proposed for calculating the impact severity percentage, which is calculated as a percentage value of the impact of the known attack. This value will help identify critical points that need special care to ensure the readiness of a network or system to withstand an attack. (144 pages) iv To my parents who are the largest source of motivation and encouragement in my life. v ACKNOWLEDGMENTS My heartfelt thanks to my advisor, Dr. Robert Erbacher, for his constant support and guidance through the course of this research project and for his valuable feedback at every step. I would also like to thank Dr. Chad Mano whose computer security course served as a precursor for my research. My heartfelt thanks to Dr. Stephen Clyde whose object-oriented software development course helped me visualize and generate a lot of innovative ideas for my thesis. A big thank you to Myra Cook whose invaluable feedback helped to make my thesis presentable. I would like to thank the computer science security laboratory members as well as all the USU faculty with whom I have had the pleasure to work with. The entire journey would not have been possible without the prayers and encouragement of my family. Heartfelt thanks to my parents and my sister for believing in me and helping me achieve my dreams. Thanks to all my friends, especially Shalini Rathnavel and Steena Monteiro, for their constant moral support and feedback. Finally, I would like to offer my work at the lotus feet of my spiritual guru, Mata Amritanandmayi, whose blessings and teachings have always guided me through all the difficult times. Anupama Biswas vi CONTENTS Page ABSTRACT....................................................................................................................................iii ACKNOWLEDGMENTS ............................................................................................................... v LIST OF TABLES.........................................................................................................................viii LIST OF FIGURES ........................................................................................................................ix 1 INTRODUCTION..................................................................................................................... 1 1.1 Importance of Analyzing Impact of Novel Attacks ............................................................ 1 1.2 Related Work ...................................................................................................................... 2 2 METHODOLOGY.................................................................................................................... 6 2.1 The Approach Adopted for Impact Analysis....................................................................... 6 2.2 Experimentation.................................................................................................................. 7 2.2.1 Simulation Setup.................................................................................................... 7 2.2.2 Simulation of Selected Attacks ............................................................................ 11 2.3 Observations of the Impact of the Simulated Attacks....................................................... 32 3 IMPACT ANALYSIS ALGORITHM AND CALCULATION OF IMPACT SEVERITY PERCENTAGE ................................................................................................... 33 3.1 Function Definition for Mapping Novel Attacks to Simulated Attacks............................ 33 3.1.1 Assumptions. ....................................................................................................... 34 3.1.2 Function Definition.............................................................................................. 34 3.2 Impact Analysis Algorithm ............................................................................................... 36 4 AUTOMATED APPROACH TO IMPACT ANALYSIS FOR SYSTEM AND NETWORK ATTACKS ................................................................................ 38 4.1 Attack Graphs ................................................................................................................... 38 4.2 Representation of Impact Analysis Graph ........................................................................ 39 4.3 Configuration File and Attacker’s Profile......................................................................... 40 4.4 Attack Template................................................................................................................ 41 4.5 Attack Templates for Simulated Attacks........................................................................... 46 5 PROOF OF CONCEPT........................................................................................................... 56 5.1 Description of the Novel Attack ....................................................................................... 56 5.2 Analyzing the Impact of the Attack and Calculating the Impact Severity Percentage .... .57 vii 5.3 Generating an Impact Analysis Graph for the Novel Attack ............................................ 59 6 CONCLUSION AND FUTURE WORK ................................................................................ 62 6.1 Contribution...................................................................................................................... 62 6.2 Future Work ...................................................................................................................... 62 REFERENCES .............................................................................................................................. 64 APPENDICES ............................................................................................................................... 66 Appendix A ............................................................................................................................. 67 Appendix B ........................................................................................................................... 113 Appendix C ........................................................................................................................... 135 viii LIST OF TABLES Table Page 2.1 Command Options for top Command............................................................................... 9 2.2 System Configuration for Attack Simulation.................................................................... 11 2.3 Threshold Values of the System and Network Before the Attack..................................... 13 2.4 Performance Metric Values During Fork Bomb Attack with Login as ‘Root’.................. 13