{"title":"Worst-case attacker models for two-layered networks based on the Minimum Overlay Cut","authors":"M. Backhaus, G. Schäfer","doi":"10.1109/ISCC.2017.8024709","DOIUrl":null,"url":null,"abstract":"Appropriate attacker models are generally known to be a fundamental prerequisite for any security evaluation of complex systems or networks. This paper deals with worst-case attacker models targeted to cause maximum damage in an overlay network by deliberately disturbing links within the underlying transport network topology. The flexibility of rerouting in underlay and overlay networks leads to complex dynamics in the topology of such two-layered overlay networks, which needs to be appropriately considered in attacker modeling. In this article, we present two worst-case attacker models based on the Minimum Overlay Cut, which either try to maximize network damage with a given number of possible outages, or aim at a given level of damage with minimal effort. For this, we developed a novel Integer Linear Programming (ILP) formulation for the Minimum Cut, that uses less binary variables than existing approaches, and is therefore better suited to deal with larger networks as well as multiple demands. An evaluation of a typical VPN overlay scenario shows that our worst-case models give significantly more realistic assessments of potential damages than two alternatively evaluated random and greedy strategies.","PeriodicalId":106141,"journal":{"name":"2017 IEEE Symposium on Computers and Communications (ISCC)","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2017-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 IEEE Symposium on Computers and Communications (ISCC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ISCC.2017.8024709","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 1
Abstract
Appropriate attacker models are generally known to be a fundamental prerequisite for any security evaluation of complex systems or networks. This paper deals with worst-case attacker models targeted to cause maximum damage in an overlay network by deliberately disturbing links within the underlying transport network topology. The flexibility of rerouting in underlay and overlay networks leads to complex dynamics in the topology of such two-layered overlay networks, which needs to be appropriately considered in attacker modeling. In this article, we present two worst-case attacker models based on the Minimum Overlay Cut, which either try to maximize network damage with a given number of possible outages, or aim at a given level of damage with minimal effort. For this, we developed a novel Integer Linear Programming (ILP) formulation for the Minimum Cut, that uses less binary variables than existing approaches, and is therefore better suited to deal with larger networks as well as multiple demands. An evaluation of a typical VPN overlay scenario shows that our worst-case models give significantly more realistic assessments of potential damages than two alternatively evaluated random and greedy strategies.