
It Is Time To Steer: A Scalable Framework for Analysis-driven Attack Graph Generation (2312.16513v2)

Published 27 Dec 2023 in cs.CR

Abstract: Attack Graphs (AGs) are the best-suited tool for supporting cyber risk assessment of multi-step attacks on computer networks, but their generation scales poorly because of its combinatorial complexity. Current solutions address the generation problem from the algorithmic perspective and postpone analysis until generation is complete, which implies an excessively long wait before any analysis capability becomes available. Because of these long generation times, they also poorly capture dynamic changes in the network. To mitigate these problems, this paper rethinks classic AG analysis through a novel workflow in which the analyst can query the system at any time, enabling real-time analysis with quantifiable statistical significance before AG generation has completed. Further, we introduce a mechanism that accelerates generation by steering it with the analysis query. To show the capabilities of the proposed framework, we perform an extensive quantitative validation and present a realistic case study on networks of unprecedented size, which demonstrates the advantages of our approach in scalability and in fitting common attack path analyses.
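The two ideas in the abstract, answering a reachability query against a partially generated attack graph and letting that query steer which part of the graph is generated next, can be illustrated with a small constructed model. The following is an added toy example written for this page, not the paper's framework or code: the network (hosts, reachability, placeholder vulnerability labels) is constructed, the steering heuristic (expand the frontier host with the fewest network hops to the queried target) and the "coverage" progress figure are assumptions made for illustration, and the paper's statistical-significance machinery is not reproduced.

```python
"""Anytime attack-graph analysis with query steering (constructed toy, not the paper's code).

A host joins the attack graph when an already-compromised host can reach it at the network
layer and it carries at least one vulnerability label. Generation expands one frontier host
per step; a query is answered against the partial graph at any time, and a steering target
makes the generator expand the frontier host nearest to that target first.
"""
from collections import deque
from typing import Dict, List, Optional, Set, Tuple

# Constructed network reachability: host -> hosts it can reach. Not a real network.
REACH: Dict[str, Set[str]] = {
    "internet": {"web", "vpn"},
    "web": {"app", "vpn"},
    "vpn": {"app", "hr"},
    "app": {"db"},
    "hr": {"db", "fileshare"},
    "db": set(),
    "fileshare": set(),
}
# Constructed per-host vulnerability labels (placeholders, not real CVE identifiers).
VULNS: Dict[str, Set[str]] = {
    "web": {"vuln-A"}, "vpn": {"vuln-B"}, "app": {"vuln-C"},
    "hr": {"vuln-D"}, "db": {"vuln-E"}, "fileshare": set(),
}


class AnytimeAttackGraph:
    def __init__(self, reach, vulns, entry="internet"):
        self.reach, self.vulns = reach, vulns
        self.nodes: Set[str] = {entry}                 # compromised hosts discovered so far
        self.parent: Dict[str, Tuple[str, str]] = {}   # host -> (compromised from, via vuln)
        self.expanded: Set[str] = set()                # hosts whose successors were generated
        self.frontier: List[str] = [entry]             # discovered but not yet expanded
        self.target: Optional[str] = None              # steering target, if any
        self.steps = 0

    def steer_toward(self, target: str) -> None:
        """Make subsequent steps expand the frontier hosts closest to `target` first."""
        self.target = target

    def _hops_to_target(self) -> Dict[str, int]:
        # Reverse BFS over REACH: minimum network hops from each host to the steering target.
        rev: Dict[str, Set[str]] = {h: set() for h in self.reach}
        for src, dsts in self.reach.items():
            for dst in dsts:
                rev.setdefault(dst, set()).add(src)
        dist = {self.target: 0}
        queue = deque([self.target])
        while queue:
            h = queue.popleft()
            for pred in rev.get(h, ()):
                if pred not in dist:
                    dist[pred] = dist[h] + 1
                    queue.append(pred)
        return dist

    def _pick_next(self) -> str:
        if self.target is None:                  # unsteered: plain FIFO (breadth-first)
            return self.frontier.pop(0)
        dist = self._hops_to_target()
        best = min(range(len(self.frontier)),
                   key=lambda i: dist.get(self.frontier[i], float("inf")))
        return self.frontier.pop(best)

    def step(self) -> bool:
        """Expand one frontier host. Returns False once generation is complete."""
        if not self.frontier:
            return False
        src = self._pick_next()
        self.expanded.add(src)
        for dst in sorted(self.reach.get(src, ())):
            vulns = sorted(self.vulns.get(dst, ()))
            if vulns and dst not in self.nodes:  # new compromise: record how it was reached
                self.nodes.add(dst)
                self.parent[dst] = (src, vulns[0])
                self.frontier.append(dst)
        self.steps += 1
        return True

    def query(self, target: str) -> Tuple[str, float]:
        """Anytime query on the partial graph. Coverage = expanded / discovered hosts, a simple
        progress proxy assumed here (the paper's statistical bound is not reproduced)."""
        coverage = len(self.expanded) / len(self.nodes)
        if target in self.nodes:
            return "reachable", coverage
        if not self.frontier:                    # nothing left to expand: the negative is final
            return "unreachable", coverage
        return "unknown", coverage

    def attack_path(self, target: str) -> List[str]:
        path = [target]
        while path[-1] in self.parent:
            path.append(self.parent[path[-1]][0])
        return path[::-1]


def steps_to_verdict(target: str, steer: bool) -> Tuple[str, int, List[str]]:
    """Generate until the query about `target` is decided; report verdict, steps and path."""
    ag = AnytimeAttackGraph(REACH, VULNS)
    if steer:
        ag.steer_toward(target)
    verdict, _ = ag.query(target)
    while verdict == "unknown" and ag.step():
        verdict, _ = ag.query(target)
    return verdict, ag.steps, ag.attack_path(target) if verdict == "reachable" else []


if __name__ == "__main__":
    for steer in (False, True):
        print("db", "steered" if steer else "unsteered", steps_to_verdict("db", steer))
    print("fileshare", steps_to_verdict("fileshare", True))
```

On this constructed network a positive answer about `db` is available after three expansion steps when generation is steered toward it, against four with plain breadth-first order, while a negative answer about `fileshare` (which carries no vulnerability label) still requires the whole frontier to be exhausted. That asymmetry is the practical point of anytime analysis: positive reachability verdicts and the attack path behind them can be delivered early, whereas the absence of a path is only certain once generation has covered everything the query depends on.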

