
Threat Modelling in Internet of Things (IoT) Environment Using Dynamic Attack Graphs (2310.01689v2)

Published 2 Oct 2023 in cs.CR, cs.DC, and cs.NI

Abstract: This work presents a threat modelling approach to represent changes to the attack paths through an Internet of Things (IoT) environment when the environment changes dynamically, i.e., when new devices are added to or removed from the system or when whole sub-systems join or leave. The proposed approach investigates the propagation of threats using attack graphs. However, traditional attack graph approaches have been applied in static environments that do not continuously change, such as enterprise networks, leading to static and usually very large attack graphs. In contrast, IoT environments are often characterised by dynamic change and interconnections; different topologies for different systems may interconnect with each other dynamically and outside the operator's control. Such new interconnections lead to changes in the reachability amongst devices, according to which their corresponding attack graphs change. This requires dynamic topology and attack graphs for threat and risk analysis. In this paper, a threat modelling approach is developed that copes with dynamic system changes that may occur in IoT environments and enables identifying attack paths whilst allowing for system dynamics. Dynamic topology and attack graphs were developed that are able to cope with changes in the IoT environment rapidly by maintaining their associated graphs. To motivate the work and illustrate the proposed approach, an example scenario based on healthcare systems is introduced. The proposed approach is implemented using a Graph Database Management Tool (GDBM), Neo4j, which is a popular tool for mapping, visualising and querying graphs of highly connected data, and is efficient in providing a rapid threat modelling mechanism, which makes it suitable for capturing security changes in the dynamic IoT environment.
