Volume 4, Issue 3 (9-2012)                   itrc 2012, 4(3): 45-58 | Back to browse issues page

XML Print


Download citation:
BibTeX | RIS | EndNote | Medlars | ProCite | Reference Manager | RefWorks
Send citation to:

Ashtiani M, Abdollahi Azgomi M. Cyber Attack Simulation for Operational Security Evaluation Using Coloured Petri Nets . itrc 2012; 4 (3) :45-58
URL: http://journal.itrc.ac.ir/article-1-179-en.html
Abstract:   (3155 Views)

Today, cyber attacks to computer networks have turned into a real challenge for network administrators. A wide range of methods have been used for attack modeling and security quantification. The most important drawback of the existing methods is that they are not based on real security-related information of networks. Our aim has been to overcome this drawback by using high-level modeling techniques and real security relevant information of systems. In this paper, we use coloured Petri nets (CPNs) for attack modeling. One of the objectives of this paper is to show the power and flexibility of CPNs for high-level attack modeling. In our work, the important elements of networks involved in cyber attacks, such as hosts, attackers, intrusion detection and prevention systems, servers and firewalls are modeled as reusable CPN sub-models. In other words, with the help of hierarchy and the abstraction provided by CPNs, we have proposed a framework for modeling and evaluation of the impacts of cyber attacks on networks. Through an illustrative example, we have modeled a sample network and some attack scenarios by using the security-relevant information extracted from open source vulnerability database (OSVDB). Finally, we have evaluated some security measures of a sample network.

Full-Text [PDF 1066 kb]   (2142 Downloads)    
Type of Study: Research | Subject: Information Technology

Add your comments about this article : Your username or Email:
CAPTCHA

Rights and permissions
Creative Commons License This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.