Top

Published in:

2024 | OriginalPaper | Chapter

Cyber Key Terrain Identification Using Adjusted PageRank Centrality

Authors : Lukáš Sadlek, Pavel Čeleda

Published in: ICT Systems Security and Privacy Protection

Publisher: Springer Nature Switzerland

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

The chapter introduces a method for identifying key IP addresses in cyber terrain using an adjusted PageRank centrality measure. By considering communication-specific damping factors based on IP flows, the approach enhances the accuracy of critical host classification. The method employs machine learning techniques such as hill climbing and random walk to learn optimal damping factors, which are then used in a dynamic stream-based PageRank computation. The evaluation, conducted on datasets from a cyber defense exercise and a campus network, demonstrates the superior performance of the adjusted method compared to the default PageRank algorithm. The chapter also discusses the limitations and practical implications of the proposed method, making it a valuable resource for cybersecurity professionals.

AI Generated

This summary of the content was generated with the help of AI.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Business + Economics & Engineering + Technology"

Online-Abonnement

Springer Professional "Business + Economics & Engineering + Technology" gives you access to:

more than 102.000 books
more than 537 journals

from the following subject areas:

Automotive
Construction + Real Estate
Business IT + Informatics
Electrical Engineering + Electronics
Energy + Sustainability
Finance + Banking
Management + Leadership
Marketing + Sales
Mechanical Engineering + Materials
Insurance + Risk

Secure your knowledge advantage now!

inform now

Springer Professional "Engineering + Technology"

Online-Abonnement

Springer Professional "Engineering + Technology" gives you access to:

more than 67.000 books
more than 390 journals

from the following specialised fileds:

Automotive
Business IT + Informatics
Construction + Real Estate
Electrical Engineering + Electronics
Energy + Sustainability
Mechanical Engineering + Materials

Secure your knowledge advantage now!

inform now

Springer Professional "Business + Economics"

Online-Abonnement

Springer Professional "Business + Economics" gives you access to:

more than 67.000 books
more than 340 journals

from the following specialised fileds:

Construction + Real Estate
Business IT + Informatics
Finance + Banking
Management + Leadership
Marketing + Sales
Insurance + Risk

Secure your knowledge advantage now!

inform now

previous chapter MADONNA: Browser-Based MAlicious Domain Detection Through Optimized Neural Network with Feature Analysis

next chapter Machine Learning Metrics for Network Datasets Evaluation

Barreto, A.B., Costa, P.C.: Cyber-ARGUS - a mission assurance framework. J. Netw. Comput. Appl. 133, 86–108 (2019). https://doi.org/10.1016/j.jnca.2019.02.001CrossRef

Brin, S., Page, L.: The anatomy of a large-scale hypertextual web search engine. Comput. Netw. ISDN Syst. 30(1), 107–117 (1998). https://doi.org/10.1016/S0169-7552(98)00110-XCrossRef

Caralli, R.A., Allen, J.H., White, D.W.: CERT Resilience Management Model - CERT-RMM. Addison-Wesley Educational Publishers Inc. (2016)

Gartner Unveils the Top Eight Cybersecurity Predictions for 2022-23. Gartner, Inc. https://www.gartner.com/en/newsroom/press-releases/2022-06-21-gartner-unveils-the-top-eight-cybersecurity-predictio. Accessed 3 Feb 2023

Goodall, J.R., D’Amico, A., Kopylec, J.K.: Camus: automatically mapping cyber assets to missions and users. In: MILCOM 2009-2009 IEEE Military Communications Conference, pp. 1–7. IEEE (2009). https://doi.org/10.1109/MILCOM.2009.5380096

Guion, J., Reith, M.: Cyber terrain mission mapping: tools and methodologies. In: 2017 International Conference on Cyber Conflict (CyCon US), pp. 105–111. IEEE (2017). https://doi.org/10.1109/CYCONUS.2017.8167504

Hofstede, R., et al.: Flow monitoring explained: from packet capture to data analysis with NetFlow and IPFIX. IEEE Commun. Surv. Tutor. 16(4), 2037–2064 (2014). https://doi.org/10.1109/COMST.2014.2321898CrossRef

Jacobson, S.H., Yücesan, E.: Analyzing the performance of generalized hill climbing algorithms. J. Heuristics 10, 387–405 (2004). https://doi.org/10.1023/B:HEUR.0000034712.48917.a9CrossRef

Kay, B., Lu, H., Devineni, P., Tabassum, A., Chintavali, S., Lee, S.M.: Identification of critical infrastructure via PageRank. In: 2021 IEEE International Conference on Big Data (Big Data), pp. 3685–3690 (2021). https://doi.org/10.1109/BigData52589.2021.9671620

10.

Kim, A., Kang, M.H.: Determining asset criticality for cyber defense. Technical report, Naval Research Laboratory (2011). https://apps.dtic.mil/sti/pdfs/ADA550373.pdf

11.

Motzek, A., Möller, R.: Context- and bias-free probabilistic mission impact assessment. Comput. Secur. 65, 166–186 (2017). https://doi.org/10.1016/j.cose.2016.11.005CrossRef

12.

Musman, S., Tanner, M., Temin, A., Elsaesser, E., Loren, L.: A systems engineering approach for crown jewels estimation and mission assurance decision making. In: 2011 IEEE Symposium on Computational Intelligence in Cyber Security (CICS), pp. 210–216. IEEE (2011). https://doi.org/10.1109/CICYBS.2011.5949403

13.

Netbox documentation (2022). https://netbox.readthedocs.io/en/stable/. Accessed 15 Dec 2022

14.

Noel, S., Dudman, T., Trepagnier, P., Badesha, S.: Mission models for cyber-resilient military operations. Technical report, MIT Lincoln Laboratory Lexington United States (2018). https://apps.dtic.mil/sti/pdfs/AD1091410.pdf

15.

Oliva, G., Esposito Amideo, A., Starita, S., Setola, R., Scaparra, M.P.: Aggregating centrality rankings: a novel approach to detect critical infrastructure vulnerabilities. In: Nadjm-Tehrani, S. (ed.) CRITIS 2019. LNCS, vol. 11777, pp. 57–68. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-37670-3_5CrossRef

16.

Orion Platform – Scalable IT Monitoring. SolarWinds (2022). https://www.solarwinds.com/solutions/orion. Accessed 15 Dec 2022

17.

Raymond, D., Cross, T., Conti, G., Nowatkowski, M.: Key terrain in cyberspace: seeking the high ground. In: 2014 6th International Conference on Cyber Conflict (CyCon 2014), pp. 287–300 (2014). https://doi.org/10.1109/CYCON.2014.6916409

18.

Rozenshtein, P., Gionis, A.: Temporal PageRank. In: Frasconi, P., Landwehr, N., Manco, G., Vreeken, J. (eds.) ECML PKDD 2016. LNCS, vol. 9852, pp. 674–689. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-46227-1_42CrossRef

19.

Sadlek, L., Čeleda, P.: Supplementary materials: cyber key terrain identification using adjusted PageRank centrality. Zenodo (2023). https://doi.org/10.5281/zenodo.7884228. Accessed 2 May 2023

20.

Selman, B., Kautz, H.A., Cohen, B., et al.: Noise strategies for improving local search. In: AAAI, vol. 94, pp. 337–343 (1994). https://cdn.aaai.org/AAAI/1994/AAAI94-051.pdf

21.

Silva, F.R.L., Jacob, P.: Mission-centric risk assessment to improve cyber situational awareness. In: Proceedings of the 13th International Conference on Availability, Reliability and Security. ARES 2018. Association for Computing Machinery, New York (2018). https://doi.org/10.1145/3230833.3233281

22.

Stergiopoulos, G., Theocharidou, M., Kotzanikolaou, P., Gritzalis, D.: Using centrality measures in dependency risk graphs for efficient risk mitigation. In: Rice, M., Shenoi, S. (eds.) ICCIP 2015. IFIPAICT, vol. 466, pp. 299–314. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-26567-4_18CrossRef

23.

Sun, X., Singhal, A., Liu, P.: Who touched my mission: towards probabilistic mission impact assessment. In: Proceedings of the 2015 Workshop on Automated Decision Making for Active Cyber Defense. SafeConfig 2015, pp. 21–26. Association for Computing Machinery, New York (2015). https://doi.org/10.1145/2809826.2809834

24.

Tovarňák, D., Špaček, S., Vykopal, J.: Traffic and log data captured during a cyber defense exercise. Data Brief 31, 105784 (2020). https://doi.org/10.1016/j.dib.2020.105784CrossRef

25.

Tovarňák, D., Špaček, S., Vykopal, J.: Traffic and log data captured during a cyber defense exercise. Zenodo (2020). https://doi.org/10.5281/zenodo.3746129. Accessed 9 Mar 2023

26.

Trammell, B., Boschi, E.: Bidirectional flow export using IP Flow Information Export (IPFIX). RFC 5103, Internet Engineering Task Force (2008). http://www.ietf.org/rfc/rfc5103.txt. Accessed 5 Mar 2023

Title: Cyber Key Terrain Identification Using Adjusted PageRank Centrality
Authors: Lukáš Sadlek
Pavel Čeleda
Publisher: Springer Nature Switzerland
Book: ICT Systems Security and Privacy Protection
Print ISBN: 978-3-031-56325-6

Electronic ISBN: 978-3-031-56326-3

Copyright Year: 2024
DOI: https://doi.org/10.1007/978-3-031-56326-3_21

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Business + Economics & Engineering + Technology"

Springer Professional "Engineering + Technology"

Springer Professional "Business + Economics"