Malcoda: Practical and Stochastic Security Risk Assessment for Enterprise Networks

Bibliographic details
Published in: IEEE Transactions on Dependable and Secure Computing, 2024-07, p. 1-17
Main authors: Sato, Ryohei; Kawaguchi, Hidetoshi; Nakatani, Yuichi
Format: Article
Language: English
Online access: Full text
Description
Summary: Many security risk assessment models have been proposed to describe and analyze security risks and their dependencies in network systems by means of graphs. However, these models suffer from two significant problems. First, they require a lot of human intervention and expertise in the graph generation process because they assume that experts are responsible for collecting and organizing large amounts of input data necessary for the assessment. Second, they are difficult to apply to large-scale networks since the graph size and the computational cost grow explosively with the network size. To tackle these problems, we propose a novel methodology named malicious communication dependency analysis (Malcoda) for assessing security risks of enterprise networks. Malcoda identifies risks in a network on the basis of input data automatically obtained from existing security products and describes probabilistic dependencies among information assets, threats, and vulnerabilities through a Bayesian network (BN)-based model dubbed the Malco directed acyclic graph (DAG). It then analyzes the Malco DAG to calculate the probability that each asset and vulnerability is exposed to threats (risk probability). Malcoda minimizes human intervention and enables administrators with limited expertise to easily assess security risks by automatically collecting and organizing the input data required for constructing the graphs. The Malco DAG, which is lighter than existing models, significantly reduces the computational cost and improves the scalability. The evaluation of Malcoda implemented in a virtual enterprise network demonstrates that Malcoda can automatically and quickly complete the assessment process and output reasonable risk probabilities reflecting threats, i.e., intrusion detection system (IDS) alerts. The computational complexity of Malcoda is also found to be less than or equal to that of existing models.
ISSN: 1545-5971, 1941-0018
DOI: 10.1109/TDSC.2024.3434748