2019 | OriginalPaper | Book chapter

Differential Attack Graph-Based Approach for Assessing Change in the Network Attack Surface

Written by: Ghanshyam S. Bopche, Gopal N. Rai, B. Ramchandra Reddy, B. M. Mehtre

Published in: Information Systems Security

Publisher: Springer International Publishing

Abstract

Assessing change in the attack surface of dynamic computer networks is a formidable challenge. Researchers have previously looked into the problem of measuring network risk and used an attack graph (AG) for network hardening. However, such AG-based approaches do not consider the likely variations in the attack surface. Further, even though it is possible to generate attack graphs for a realistic network efficiently, the resulting graphs pose a severe challenge to human comprehension. To overcome such problems, in this paper, we present a differential attack graph-based change detection technique. We propose a change distribution matrix-based technique to discern differences in the network attack surface. Our method not only detects the degree of change in the network attack surface but also finds the root causes in a time-efficient manner. We use a synthetic network to illustrate the approach and perform a set of simulations to evaluate the performance. Experimental results show that our technique is capable of assessing changes in the attack surface, and thus can be used in practice for network hardening.

Metadata
Title
Differential Attack Graph-Based Approach for Assessing Change in the Network Attack Surface
Written by
Ghanshyam S. Bopche
Gopal N. Rai
B. Ramchandra Reddy
B. M. Mehtre
Copyright year
2019
DOI
https://doi.org/10.1007/978-3-030-36945-3_18