Abstract
Modern information society depends on the reliable functioning of its information systems infrastructure, while the number of cyber-attacks, and the damage they cause, has been increasing over the years. Graphs can be used to show the paths that attackers can exploit to intrude into systems and gain unauthorized access through vulnerability exploitation. This paper presents a method that builds attack graphs from data supplied by the maritime supply chain infrastructure. The method delivers all possible paths that can be exploited to gain access. A recommendation system is then used to predict future attack steps within the network. We show that recommender systems can be used in cyber defense to predict attacks. The goal of this paper is to identify attack paths and to show how a recommendation method can be used to classify future cyber-attacks for the purposes of risk management. The proposed method has been experimentally evaluated and validated, and the results show that it is both practical and effective.
Acknowledgements
This work has received funding from the European Union’s Horizon 2020 research and innovation program under grant agreement 653212.
Appendix A Evaluation criteria
1. Attack path analysis: This describes the capacity of the evaluated method to identify and analyse different attack paths. We distinguish the following main types.
2. Vulnerability chain analysis: This describes the capacity of the method to identify chains of sequential vulnerabilities on different assets and include them in the risk analysis. We distinguish the following main types.
3. Integration of open source information: This describes the capacity of the evaluated method to retrieve and integrate information from openly accessible sources (e.g., open source databases).
4. Integration of crowd sourcing information: This describes the capacity of the evaluated method to retrieve and integrate information from crowd sourcing (e.g., technical forums).
5. Collaboration capabilities: This describes the capacity of the evaluated method to enable and make use of the collaboration of several users in the risk analysis or risk management process.
6. Supporting tool: Whether a tool exists that provides a visual representation, or any other relevant form, of the results.
7. Tool availability: Whether the tool is available to the public to download, use or modify.
8. Pruning of paths: Pruning of paths makes the algorithm more efficient. The algorithm can cut paths that are either not important or fall into a category we are not interested in, such as networked attacks.
9. Propagation length: The propagation length can be specified. The user should be able to enter the length that a potential attacker could reach after gaining access to an entry asset.
10. Attacker location: The location of the attacker can be specified, and it should be either local or networked.
11. Attacker capability: The capability of the attacker can be specified, in terms of high, medium, low or a similar scale.
12. Entry points: The entry assets can be specified, which helps to focus the search for problems on specific parts of the network.
13. Target points: The target assets can be specified, which helps to focus the search for problems on specific parts of the network.
14. Satisfaction of EU policies: EU maritime supply chain policies are satisfied.
15. Can be used for risk assessment: This describes the applicability of the evaluated method to maritime supply chain risk assessment.
16. Vulnerability types: The types and categories of the vulnerabilities can be specified in the settings of the algorithm.
17. Clarity and replication: The algorithm is presented in a manner that makes it easy to replicate or extend.
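Criteria 8 to 13 and 16 above are the parameters of an attack-path search: entry and target assets, propagation length, attacker location and capability, and pruning by vulnerability type. The following Python enumerator is an added example, not the paper's own code or data; the asset names, vulnerability ids, reachability links and the three-level capability scale are constructed placeholders.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple

CAPABILITY = {"low": 1, "medium": 2, "high": 3}  # ordinal scale, criterion 11
@dataclass(frozen=True)
class Vuln:
    vid: str    # constructed placeholder id, not a real CVE
    vtype: str  # vulnerability category (criterion 16)
    needs: str  # minimum attacker capability needed to exploit it

# Constructed sample infrastructure: asset -> remotely exploitable vulnerabilities.
ASSETS: Dict[str, List[Vuln]] = {
    "web-portal":  [Vuln("VULN-A", "injection", "low")],
    "terminal-os": [Vuln("VULN-B", "auth-bypass", "medium")],
    "crane-plc":   [Vuln("VULN-C", "default-creds", "low")],
    "hr-db":       [Vuln("VULN-D", "injection", "high")],
}
# Constructed reachability: asset -> assets it can talk to.
LINKS: Dict[str, List[str]] = {"web-portal": ["terminal-os", "hr-db"],
                               "terminal-os": ["crane-plc", "hr-db"], "crane-plc": [], "hr-db": []}
Path = Tuple[Tuple[str, str], ...]  # ((asset, vulnerability id), ...)

def usable(asset: str, capability: str, exclude: Iterable[str]) -> List[Vuln]:
    """Exploitable vulns on `asset`: capability filter (11) and type pruning (8, 16)."""
    return [v for v in ASSETS.get(asset, [])
            if v.vtype not in exclude and CAPABILITY[v.needs] <= CAPABILITY[capability]]

def attack_paths(entry: str, targets: Iterable[str], max_len: int, capability: str,
                 location: str = "networked", exclude: Iterable[str] = ()) -> List[Path]:
    """All simple attack paths from `entry` to any target (criteria 9, 10, 12, 13); `max_len`
    bounds hops after the entry. A networked attacker must first exploit the entry asset."""
    targets, found = set(targets), []
    def walk(asset: str, path: Path, hops: int) -> None:
        if asset in targets:
            found.append(path)  # target reached: record the path, stop extending it
            return
        if hops == max_len:
            return              # propagation length exhausted (criterion 9)
        for nxt in LINKS.get(asset, []):
            if any(nxt == a for a, _ in path):
                continue        # no revisits: keep paths simple
            for v in usable(nxt, capability, exclude):
                walk(nxt, path + ((nxt, v.vid),), hops + 1)

    if location == "local":
        walk(entry, ((entry, "local-access"),), 0)  # attacker already sits on the entry asset
    else:
        for v in usable(entry, capability, exclude):
            walk(entry, ((entry, v.vid),), 0)
    return found
```

Raising the capability, lengthening the propagation or switching the location to local changes which paths survive, which is exactly the sensitivity a risk assessor wants to inspect.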
Polatidis, N., Pimenidis, E., Pavlidis, M. et al. From product recommendation to cyber-attack prediction: generating attack graphs and predicting future attacks. Evolving Systems 11, 479–490 (2020). https://doi.org/10.1007/s12530-018-9234-z
DOI: https://doi.org/10.1007/s12530-018-9234-z