Identifying a preferred countermeasure strategy for attack graphs
2013, Proceedings of the Eighth Annual Cyber Security and Information Intelligence Research Workshop on - CSIIRW '13
https://doi.org/10.1145/2459976.2459988…
4 pages
Abstract
Attack graphs capture sequences of actions that an intruder can take to lead the system to an undesirable state. They have proven to be important tools for administrators to analyse and devise countermeasures to be deployed in the face of an attack. We consider preferences over countermeasures that the administrator may hold when devising a strategy to thwart the attacker's goals. We present a formalism based on CI-nets to represent and reason about such preferences. We present a method to find an intervention strategy, expressed as a set of countermeasures, that is guaranteed to thwart any attack on the system and is also the most preferred.
Related papers
Attack graphs model possible paths that a potential attacker can use to intrude into a target network. They can be used in determining both proactive and reactive security measures. Attack graph generation is a process that includes vulnerability information processing, collecting network topology and application information, determining reachability conditions among network hosts, and applying the core graph building algorithm. This article introduces a classification scheme for a systematical study of the methods applied in each phase of the attack graph generation process, including the usage of attack graphs for network security. The related works in the literature are stated based on the proposed classification scheme and contributive ideas about potential challenges and open issues for attack graph generation and usage are provided.
ArXiv, 2019
Selecting the optimal set of countermeasures is a challenging task that involves various considerations and tradeoffs, such as prioritizing the risks to mitigate and costs. The vast majority of studies for selecting a countermeasure deployment are based on a limited risk assessment procedure that utilizes the common vulnerability scoring system (CVSS). Such a risk assessment procedure does not necessarily consider the prerequisites and exploitability of a specific asset, cannot distinguish insider from outsider threat actors, and does not express the consequences of exploiting a vulnerability or the attacker's lateral movements. Other studies applied a more extensive risk assessment procedure that relies on manual work and repeated assessment. These solutions, however, do not consider the network topology and do not specify the optimal position for deploying the countermeasures, and therefore are less practical. In this paper we suggest a heuristic search approach for selec...
2002
An attack graph is a succinct representation of all paths through a system that end in a state where an intruder has successfully achieved his goal. Today Red Teams determine the vulnerability of networked systems by drawing gigantic attack graphs by hand. Constructing attack graphs by hand is tedious, error-prone, and impractical for large systems. By viewing an attack as a violation of a safety property, we can use model checking to produce attack graphs automatically: a successful path from the intruder's viewpoint is a counterexample produced by the model checker. In this paper we present an algorithm for generating attack graphs using model checking. Security analysts use attack graphs for detection, defense, and forensics. In this paper we present a minimization technique that allows analysts to decide which minimal set of security measures would guarantee the safety of the system. We provide a formal characterization of this problem: we prove that it is polynomially equivalent to the minimum hitting set problem and we present a greedy algorithm with provable bounds. We also present a reliability technique that allows analysts to perform a simple cost-benefit analysis depending on the likelihoods of attacks. By interpreting attack graphs as Markov Decision Processes we can use a standard MDP value iteration algorithm to compute the probabilities of intruder success for each attack in the graph. We illustrate our work in the context of a small example that includes models of a firewall and an intrusion detection system.
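As an added example (not code from this paper or from any of the related papers), the Python below ties the main abstract's goal, a countermeasure set that thwarts every attack and is the most preferred, to the minimum-hitting-set view in the Jha, Sheyner and Wing abstract above. It enumerates attack paths over a constructed toy attack graph, computes the minimal countermeasure sets that cut every path, and picks one under an assumed administrator ranking, which stands in for the paper's CI-net preferences; the graph, the countermeasure names and the ranking are all constructed for illustration.

```python
from itertools import combinations
# Constructed toy attack graph (not from the paper): edge = (from_state, to_state, exploit).
EDGES = [
    ("internet", "web", "cve_web_rce"), ("internet", "vpn", "weak_vpn_creds"),
    ("web", "db", "sqli"), ("vpn", "db", "smb_relay"),
    ("db", "goal", "db_admin_escalation"), ("web", "goal", "stolen_token"),
]
# Constructed countermeasures: name -> exploits it disables.
COUNTERMEASURES = {
    "patch_web": {"cve_web_rce"}, "mfa": {"weak_vpn_creds", "stolen_token"},
    "waf": {"sqli"}, "smb_signing": {"smb_relay"}, "db_hardening": {"db_admin_escalation"},
}
# Assumed administrator ranking, most preferred first (a stand-in for CI-net preferences).
RANKING = ["mfa", "patch_web", "db_hardening", "smb_signing", "waf"]

def attack_paths(edges, start="internet", goal="goal"):
    """Enumerate every simple path from start to goal as a tuple of exploits."""
    out = {}
    for src, dst, exploit in edges:
        out.setdefault(src, []).append((dst, exploit))
    paths = []
    def walk(node, used, seen):
        if node == goal:
            paths.append(tuple(used))
            return
        for nxt, exploit in out.get(node, []):
            if nxt not in seen:
                walk(nxt, used + [exploit], seen | {nxt})
    walk(start, [], {start})
    return paths

def minimal_thwarting_sets(paths, cms):
    """Minimal countermeasure sets that cut every path (the minimum-hitting-set view)."""
    def thwarts(s):
        disabled = set().union(*(cms[c] for c in s))
        return all(any(e in disabled for e in p) for p in paths)
    found = []
    for k in range(1, len(cms) + 1):  # smallest sets first, so supersets are skipped below
        for combo in combinations(sorted(cms), k):
            s = frozenset(combo)
            if thwarts(s) and not any(m < s for m in found):
                found.append(s)
    return found

def most_preferred(candidates, ranking):
    """Pick the candidate whose members rank best (lexicographic on sorted ranks)."""
    rank = {c: i for i, c in enumerate(ranking)}
    return min(candidates, key=lambda s: tuple(sorted(rank[c] for c in s)))
```

The exhaustive enumeration is fine for a handful of countermeasures; on larger graphs the greedy hitting-set heuristic mentioned in the abstract above would replace `minimal_thwarting_sets`.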
It is well known that nowadays computers and networks, which are unique in their computational and service provision power, also have major weaknesses and vulnerabilities that can be exploited by outsiders to compromise valuable data and knowledge. Network administrators and network security analysts must be aware of the different properties of current software solutions and the diversity of problems regarding the possible protection of network assets. This means that they must know and use the latest types of vulnerabilities, techniques and tools. "Attack Graphs" present formalized network maps and help with analysis of possible vulnerabilities that may exist in the network. Hence, in this paper we will describe some basic concepts that can be used to understand and generate attack graphs.
Abstract: Network attack graphs are directed graph-representations of possible attack paths and vulnerabilities in a computer network. Each attack path is a sequence of steps taken by an attacker to achieve one or more goals in the target system. While there are some variations in the representations of the graph proposed by different researchers, typically the edges represent possible actions (or exploits) available to an attacker, and vertices represent the possible states for the system and applications.
Attack graphs can provide clues for the network defender on how an attacker exploits vulnerabilities on the network to achieve goals. System administrators use attack graphs to determine how vulnerable their systems are and what security measures are needed to maintain them. In large and complex organizations, securing a network is a very challenging task. Attack graphs are very important in the effort to secure the network, because they can directly indicate the presence of vulnerabilities in the network and how attackers use those vulnerabilities to implement an effective attack. In this paper, we describe some very good algorithms that can be used to generate the attack graph.

Keywords: Generating Attack Graph; Network Security; Vulnerability Analysis; Attack Graph Generation Algorithm.

I. INTRODUCTION

Since the number of hosts in networks continues to grow, it becomes increasingly important to automate the process of evaluating their vulnerability to attack. When evaluating network security, it is rarely enough to consider vulnerabilities in isolation. Large networks typically contain [1] multiple platforms and software packages, and employ multiple modes of connectivity. It is undeniable that a network may have a security hole that escapes observation, even by experienced administrators. The rapid growth of the internet affects the economic, political, cultural and many other aspects of society. The deeper and wider internet applications become, the clearer and more complex computer and network security issues are. Hackers and viruses can find more ways [2] to launch an attack as network technology develops. When analysing the network security of a company, it is important [3] to consider multi-stage, multi-host attacks.

A determined attacker cannot be expected to stop at the machine he first compromises, but can be expected to try to penetrate more deeply into the network by jumping from one computer to another. For this reason, configuring a secure enterprise network is a daunting task for humans. There are many potential interactions between multiple hosts and components in the network, so the configuration of one machine will affect the security of others in the network. Currently [5], in the field of network vulnerability analysis, there are effective scanners that scan a single host or multiple hosts for vulnerabilities in the observed network. However, these tools only check security holes from an isolated perspective. In order to objectively analyse network vulnerabilities, an analysis tool should be able to automatically construct systematic attack scenarios based on the vulnerabilities of the target network, network services, host connectivity and access authorization. Since attack graphs are suitable for simulating attack scenarios, network vulnerability analysis and the establishment of defense mechanisms, more and more attention is paid to them. As an important aspect of network security, computer security evaluation through analysis of the computer network is very important and can protect us from being attacked. Attack graphs can provide a view for the security evaluation. Reference [6] describes a method for generating attack graphs for network security analysis. As computer networks continue to grow in size and complexity, assessing their susceptibility to attack is a real challenge. The combination of exploits is the typical means whereby an attacker breaks into a network. Attack graphs can describe the transition from the initial state to the target state, caused by the actions of the attacker, and support visual analysis [7]. The organization of the rest of this article is as follows. Section 2 introduces attack graph generation. The algorithms for generating attack graphs are given in Section 3. We give a conclusion in Section 4.
2006
In defending one's network against cyber attack, certain vulnerabilities may seem acceptable risks when considered in isolation. But an intruder can often infiltrate a seemingly well-guarded network through a multi-step intrusion, in which each step prepares for the next. Attack graphs can reveal the threat by enumerating possible sequences of exploits that can be followed to compromise given critical resources. However, attack graphs do not directly provide a solution to remove the threat.
2017 IEEE International Conference on Intelligence and Security Informatics (ISI), 2017
Attack graph technique is a common tool for the evaluation of network security. However, attack graphs are generally too large and complex to be understood and interpreted by security administrators. This paper proposes an analysis framework for security attack graphs for a given IT infrastructure system. First, in order to facilitate the discovery of interconnectivities among vulnerabilities in a network, multi-host multi-stage vulnerability analysis (MulVAL) is employed to generate an attack graph for a given network topology. Then a novel algorithm is applied to refine the attack graph and generate a simplified graph called a transition graph. Next, a Markov model is used to project the future security posture of the system. Finally, the framework is evaluated by applying it on a typical IT network scenario with specific services, network configurations, and vulnerabilities.
Network administrators are always faced with numerous challenges in identifying threats and, in retrospect, securing the organization's network. The classical approach to identifying vulnerabilities in the network is to use commercially developed tools that do not take into account the interaction between vulnerabilities on different network elements and their behavioral pattern. Therefore, network administrators have to take a holistic approach in which vulnerability interrelationships are captured by an attack graph, which helps in identifying all possible ways an attacker could gain access to critical resources. The objective therefore is to design an attack graph–based approach for analyzing security vulnerabilities in enterprise networks, and to implement and evaluate the performance of the approach. This work proposes an attack graph–based network security analyser. The attack graph directly illustrates logical dependencies among attack goals and configuration information. In the attack graph, a node is a logical statement and an edge represents a causality relation between network configurations and an attacker's potential privileges. The benchmark is a collection of Datalog tuples representing the configuration of the synthesized networks; the graph generation CPU time was compared to Sheyner's attack graph toolkit. The result in the graph shows the comparison of graph builder CPU time for the case of a fully connected network with 5 vulnerabilities per host, which shows that the running time of Sheyner's tool grows exponentially. Important contributions of this work include establishing an attack graph–based approach for enterprise network security analysis that can capture generic security interactions and specify security-relevant configuration information.
TIEMS Annual Conference, 2021
Attack graphs provide a representation of possible actions that adversaries can perpetrate to attack a system. They are used by cybersecurity experts to make decisions, e.g., to decide remediation and recovery plans. Different approaches can be used to build such graphs. We focus on logical attack graphs, based on predicate logic, to define the causality of adversarial actions. Since networks and vulnerabilities are constantly changing (e.g., new applications get installed on system devices, updated services get publicly exposed, etc.), we propose to enrich the attack graph generation approach with a semantic augmentation post-processing of the predicates. Graphs are then mapped to monitoring alerts confirming successful attack actions and updated according to network and vulnerability changes. As a result, predicates get periodically updated, based on attack evidence and ontology enrichment. This allows one to verify whether changes lead the attacker to the initial goals or cause further damage to the system not anticipated in the initial graphs. We illustrate the approach in the specific domain of cyber-physical security affecting smart cities. We validate the approach using existing tools and ontologies.