Francesca Coriale
An Attack Risk Assessment Model for Network Security Automation.
Supervisors: Daniele Bringhenti, Riccardo Sisto, Fulvio Valenza. Politecnico di Torino, NOT SPECIFIED, 2025
PDF (Tesi_di_laurea) - Thesis
License: Creative Commons Attribution Non-commercial No Derivatives. Download (4MB)
Abstract:

Next-generation computer networks are increasingly complex due to their size, heterogeneity, and dynamism, making them vulnerable to sophisticated, multi-stage and multi-vector attacks. Manual security reconfiguration methods are too slow and error-prone, leading to delays and misconfigurations. To address these problems, the recent literature on network security configuration has focused on automated reconfiguration approaches for faster and more resilient responses. However, the dynamic nature of modern computer networks impacts the preservation of security during the updates, as improper sequencing can create insecure transient states. In light of these motivations, the FATO methodology has been proposed. The aim is to optimize the scheduling of configuration changes in distributed virtual firewalls to maximize the number of secure intermediate states, minimizing violations of prioritized security policies. Optimality and formal correctness are achieved through the formulation of a Maximum Satisfiability Modulo Theories (MaxSMT) problem. Although FATO is one of the best approaches for automatic firewall reconfiguration, it presents some critical limitations. On the one hand, its reconfiguration mechanism is not customized by attack types, since it adopts a general-purpose optimization strategy, which is not always adequate. On the other hand, it lacks a detailed analysis of its applicability to specific contexts. This thesis aims to address the aforementioned limitations of FATO by investigating how it can be improved to mitigate real complex attacks and provide higher resilience. In order to achieve this objective, the contribution of this work consists in the proposal and definition of an extension for FATO tailored to mitigate complex and multi-vector attacks in a more efficient and responsive way.

To support this objective, an in-depth analysis of the Risk Assessment Model is conducted, and a set of enhancements is proposed to make it reactive to ongoing attacks. The revised model introduces a dynamic prioritization mechanism that evaluates each attack based on two key factors: the immediate impact it has on the system and the likelihood of its recurrence. By combining these two dimensions, the model computes a risk score that reflects both the severity and the persistence of each threat. This score is then used to inform the reconfiguration strategy, ensuring that the most harmful and frequent threats are addressed with higher urgency. The result is a more context-aware firewall reconfiguration process, capable of adapting its priorities in real time to effectively mitigate the evolving threat landscape. The effectiveness of the enhanced reconfiguration model is validated through its application to real-life scenarios involving complex and multi-vector attacks. Specifically, the model was tested in simulated environments that accurately replicate the conditions of modern enterprise networks under coordinated attack campaigns. These scenarios included combinations of lateral movement, privilege escalation, and DDoS tactics, reflecting the sophistication of current threat actors. The evaluation demonstrated that the proposed extension to FATO significantly improved the system’s ability to respond more quickly and accurately to the evolving attack patterns. Compared to the original approach, the enhanced model consistently achieved better results in terms of reducing policy violations, minimizing exposure windows, and prioritizing reconfiguration actions based on risk.

| Supervisors: | Daniele Bringhenti, Riccardo Sisto, Fulvio Valenza |
|---|---|
| Academic year: | 2025/26 |
| Publication type: | Electronic |
| Number of pages: | 74 |
| Subjects: | |
| Degree programme: | NOT SPECIFIED |
| Degree class: | New organization > Master's degree > LM-32 - COMPUTER ENGINEERING |
| Collaborating companies: | Politecnico di Torino |
| URI: | http://webthesis.biblio.polito.it/id/eprint/37912 |



Creative Commons License - Attribution 3.0 Italy