Vulnerability Analysis of Faults/Attacks in Network Centric Systems

Salim Hariri, Tushneem Dharmagadda, Modukuri Ramkishore, Guangzhi Qu
ECE Department, the University of Arizona, Tucson, AZ, 85719
{hariri, qug}@ece.arizona.edu

C.S Raghavendra, University of Southern California
raghu@halcyon.usc.edu

Abstract

Network Centric Systems (NCS) and their applications have been growing at an amazing rate, and the vulnerability of these systems and applications is also increasing because intruder tools and attacks are becoming increasingly sophisticated. To make network systems reliable and robust, it becomes essential to develop on-line monitoring, analysis, and quantification of the behavior of networks and applications (vulnerability metrics) under a wide range of faults/attacks. In this paper, we present an agent-based framework and vulnerability metrics to analyze and quantify the impact of faults/attacks on networked systems. This analysis helps us determine the most critical components in the network, the failure of which might lead to a massive network outage or performance degradation, and the vulnerability metrics that can be integrated with the control and management system to achieve proactive responses to faults/attacks, thus minimizing the impact of these attacks and improving the survivability of network infrastructure and services. Our approach is based on deploying software agents on routers, clients and servers to continuously monitor the vulnerability metrics that can be used to achieve self-healing and protecting services. We present through simulations how the proposed vulnerability metrics can be used to quantify the impacts of faults/attacks on various components of networked systems and how they can be used to proactively achieve self-healing and protecting services.

1 Introduction

The Internet has been growing at a very rapid pace and is becoming the most important and cost-effective method of moving/sharing data across a wide range of geographically dispersed heterogeneous information systems. This has also increased the vulnerabilities of networked systems and their applications. A sustained attack on the infrastructure could cause the breakdown of the Grid infrastructure, and that could be catastrophic. Most of the network infrastructure has been designed to withstand physical failures, viz. the breaking of physical wires/computers that are part of the system, but attacks by people who are part of the network have not been taken into account [1, 2, 3]. According to a study on the structure of the worldwide network [4], the Internet's reliance on a few key nodes makes it vulnerable, especially to organized attacks by hackers and terrorists. The progress made in the development of security systems has been overshadowed by the improvisation and sophistication of the attacking strategies and methodologies. It has been shown that the average performance of the Internet would be reduced by a factor of two if 1% of the most connected nodes are disabled. If 4% of them were shut down, the network infrastructure would become fragmented and unusable [4].

The vulnerability analysis of the networked environment and of the Internet infrastructure is still in its infancy due to the dynamic nature of the network system.

In this paper we present a framework to analyze on-line network vulnerability that can be used to discover attack points (or vulnerabilities) in real time and characterize the behavior of critical infrastructure networks under attacks and faults. We present an impact analysis architecture that quantifies the impact of attacks and faults on network performance and services by using underlying agent-based monitoring.
We then propose a proactive and survivable architecture that provides fast recovery and convergence to stability for networks susceptible to programmed attacks and faults. We classify traffic based on vulnerability metrics computed by the agent framework proposed in this paper. This ensures better performance for legitimate traffic of various services that uses the same core network as the attack traffic.

The paper is organized as follows. In Section 2, we briefly discuss the different attack methods and related work. Section 3 gives an overview of the vulnerability analysis architecture and briefly describes the impact analysis and proactive recovery architecture. Section 4 presents the simulation results. Section 5 discusses the conclusion and future work.

2 Related Works