Towards scalable security analysis using multi-layered security models

Security models, such as an attack graph (AG), are widely adopted to assess the security of networked systems, such as utilizing various security metrics and providing a cost-effective network hardening solution. There are various methods of generating these models, but the scalability problem exists for single-layered graph-based security models when analyzing all possible attack paths. To address this problem, we propose to use a multi-layer hierarchical attack representation model (HARM) that models various components in the networked system in different layers to reduce the computational complexity. First, we formulate key questions that need to be answered to assess the scalability of security models. Second, we formally define the multi-layer HARM. Last, we conduct experiments to show the scalability of security models. Our experimental results show that using the HARM can improve the scalability of assessing the security of the networked system significantly in comparison to the single-layered security models in various network scenarios.