
SPGNN-API: A Transferable Graph Neural Network for Attack Paths Identification and Autonomous Mitigation (2305.19487v2)

Published 31 May 2023 in cs.CR, cs.NE, and cs.NI

Abstract: Attack paths are the potential chains of malicious activities an attacker performs to compromise network assets and acquire privileges by exploiting network vulnerabilities. Attack path analysis helps organizations identify new/unknown chains of attack vectors that reach critical assets within the network, as opposed to the individual attack vectors considered in signature-based attack analysis. Timely identification of attack paths enables proactive mitigation of threats. Nevertheless, manual analysis of complex network configurations, vulnerabilities, and security events to identify attack paths is rarely feasible. This work proposes a novel transferable graph neural network-based model for shortest path identification. The proposed shortest path detection approach, integrated with a novel holistic and comprehensive model for identifying potential network vulnerability interactions, is then utilized to detect network attack paths. Our framework automates the risk assessment of attack paths, indicating the propensity of the paths to enable the compromise of highly critical assets (e.g., databases) given the network configuration, the assets' criticality, and the severity of the vulnerabilities in-path to the asset. The proposed framework, named SPGNN-API, incorporates automated threat mitigation through proactive, timely tuning of the network firewall rules and zero-trust policies to break critical attack paths and bolster cyber defenses. Our evaluation process is twofold: evaluating the performance of the shortest path identification and assessing the attack path detection accuracy. Our results show that SPGNN-API largely outperforms the baseline model for shortest path identification with an average accuracy >= 95% and successfully detects 100% of the potentially compromised assets, outperforming the attack graph baseline by 47%.
