DOI: 10.1007/978-3-031-70903-6_12

It is Time To Steer: A Scalable Framework for Analysis-Driven Attack Graph Generation

Published: 16 September 2024

Abstract

Attack Graphs (AGs) are the best-suited tool for supporting cyber risk assessment of multi-step attacks on computer networks, but their generation scales poorly because of its combinatorial complexity. Current solutions address the generation problem from the algorithmic side and defer analysis until generation is complete, so analysts wait too long before any analysis capability is available. Because generation takes so long, these solutions also capture dynamic changes in the network poorly. To mitigate these problems, this paper rethinks classic AG analysis through a novel workflow in which the analyst can query the system at any time, enabling real-time analysis with quantifiable statistical significance before AG generation has completed. Further, we introduce a mechanism that accelerates generation by steering it with the analysis query. To show the capabilities of the proposed framework, we perform an extensive quantitative validation and present a realistic case study on networks of unprecedented size. It demonstrates the advantages of our approach in terms of scalability and fit to common attack path analyses.
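The abstract describes a workflow in which the analyst queries a partially generated attack graph at any time, and the query steers which part of the graph is generated next. The following is an added illustrative example and not the paper's code or algorithm: it builds a constructed toy enterprise network (invented subnet names, hosts and vulnerability labels), generates the attack graph progressively one host expansion at a time, and runs a shortest-attack-path query against the partial graph after every expansion. As an assumed steering heuristic, the frontier is ordered by hop count over the firewall topology towards the queried target, so the relevant region is generated first; the paper's own steering mechanism and its statistical-significance measure are not reproduced here.

```python
"""Progressive, query-steered attack graph generation on a constructed toy network.

Added illustration, not the paper's implementation. Hosts, subnets, firewall
rules and vulnerability labels below are invented for the example.
"""
import heapq
from collections import deque
from itertools import count


def build_network():
    """Constructed toy enterprise: hosts grouped in subnets, firewall rules between
    subnets, and one exploitable service per subnet. Everything here is invented."""
    subnets = {"dmz": 3, "corp": 40, "dev": 40, "ops": 6, "db": 1}
    hosts = {"internet": "internet"}  # host -> subnet
    for sn, n in subnets.items():
        for i in range(n):
            hosts[f"{sn}-{i}"] = sn
    firewall = {  # subnet -> subnets it may initiate connections to
        "internet": {"dmz"},
        "dmz": {"corp", "dev"},
        "corp": {"corp", "ops"},
        "dev": {"dev"},
        "ops": {"ops", "db"},
        "db": set(),
    }
    vulns = {  # subnet -> invented vulnerability label an attacker exploits for a foothold
        "dmz": "web-rce", "corp": "smb-auth-bypass", "dev": "ci-runner-rce",
        "ops": "ssh-weak-key", "db": "db-default-creds",
    }
    return hosts, firewall, vulns


def exploit_step(hosts, firewall, vulns, src, dst):
    """Return the vulnerability letting an attacker on src compromise dst, or None.
    This is the per-edge check the generator pays for once per expanded host."""
    if dst in ("internet", src):
        return None
    if hosts[dst] not in firewall[hosts[src]]:
        return None
    return vulns[hosts[dst]]


def subnet_hops(firewall, target_subnet):
    """Cheap topology-only reverse BFS: hop count from each subnet to the target's
    subnet. Assumed steering priority; it ignores vulnerabilities, so it is only
    a heuristic and unreachable subnets simply get no entry."""
    reverse = {s: set() for s in firewall}
    for s, dsts in firewall.items():
        for d in dsts:
            reverse[d].add(s)
    hops, queue = {}, deque([(target_subnet, 0)])
    while queue:
        s, h = queue.popleft()
        if s in hops:
            continue
        hops[s] = h
        for p in reverse[s]:
            queue.append((p, h + 1))
    return hops


def generate(hosts, firewall, vulns, entry="internet", steer_to=None):
    """Progressive attack-graph generation. Yields (graph, expanded, frontier_size)
    after every host expansion, so the analyst can query the partial graph at any
    time. With steer_to set, the frontier is a priority queue ordered by subnet
    hops to the queried target (query-driven steering); otherwise the tie-breaking
    counter alone makes it FIFO, i.e. plain breadth-first generation."""
    hops = subnet_hops(firewall, hosts[steer_to]) if steer_to else {}
    far = 10 ** 6  # priority for subnets with no topological route to the target

    def prio(h):
        return hops.get(hosts[h], far) if steer_to else 0

    tick = count()
    frontier = [(prio(entry), next(tick), entry)]
    seen = {entry}
    graph = {}  # expanded host -> list of (compromised successor, vulnerability)
    expanded = 0
    while frontier:
        _, _, src = heapq.heappop(frontier)
        graph[src] = []
        for dst in hosts:
            v = exploit_step(hosts, firewall, vulns, src, dst)
            if v is None:
                continue
            graph[src].append((dst, v))
            if dst not in seen:
                seen.add(dst)
                heapq.heappush(frontier, (prio(dst), next(tick), dst))
        expanded += 1
        yield graph, expanded, len(frontier)


def shortest_attack_path(graph, entry, target):
    """Analysis query on the partial graph: shortest exploit chain entry -> target,
    or None if the generated portion does not yet connect them."""
    prev, queue = {entry: None}, deque([entry])
    while queue:
        n = queue.popleft()
        if n == target:
            path = []
            while n is not None:
                path.append(n)
                n = prev[n]
            return path[::-1]
        for dst, _ in graph.get(n, []):  # unexpanded nodes have no successors yet
            if dst not in prev:
                prev[dst] = n
                queue.append(dst)
    return None


def expansions_until_found(steer, target="db-0"):
    """Run the analyst loop: query after each expansion, stop at the first hit.
    Returns (number of expansions paid, path found)."""
    hosts, firewall, vulns = build_network()
    for graph, expanded, _ in generate(hosts, firewall, vulns,
                                       steer_to=target if steer else None):
        path = shortest_attack_path(graph, "internet", target)
        if path:
            return expanded, path
    return None, None


if __name__ == "__main__":
    for steer in (False, True):
        n, path = expansions_until_found(steer)
        print(f"steered={steer}: path found after {n} expansions: {' -> '.join(path)}")
```

On this toy network, unsteered breadth-first generation must expand every corp and dev host before the first ops host reveals the path to the database, whereas the steered frontier reaches the same path after a handful of expansions. The `expanded` and frontier-size counters the generator yields are what an analyst would use to judge how much of the graph a partial answer rests on; the paper's statistical-significance measure is a separate matter not modelled here.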


Published In

Guide Proceedings
Computer Security – ESORICS 2024: 29th European Symposium on Research in Computer Security, Bydgoszcz, Poland, September 16–20, 2024, Proceedings, Part IV
Sep 2024
494 pages
ISBN: 978-3-031-70902-9
DOI: 10.1007/978-3-031-70903-6
Editors: Joaquin Garcia-Alfaro, Rafał Kozik, Michał Choraś, Sokratis Katsikas

Publisher

Springer-Verlag, Berlin, Heidelberg

Author Tags

  1. Attack Graph
  2. Attack Path Analysis
  3. Progressive Computation
  4. Progressive Data Analysis
  5. Statistical Significance
  6. Computational Steering

Qualifiers

  • Article
