A Graph Data Model for Attack Graph Generation and Analysis

Abstract. Attack graphs are a useful tool for enumerating multi-stage, multi-host attacks in organizational networks. They help in understanding the diverse nature of threats and in deciding on countermeasures, which requires on-the-fly implementation of custom algorithms for attack graph analysis. Existing approaches to interactive analysis of attack graphs use relational databases, which lack graph-specific data structures and operations. Graph databases enable the storage of graph data and efficient querying of such data. In this paper, we present a graph data model for representing the input information for attack graph generation. We also show how graph queries can be used to generate an attack graph and facilitate its analysis.

Keywords: Attack Graph, Graph Database, Graph Query.

1 Introduction

With ICT-based systems becoming ever more pervasive, securing them poses a great challenge. The number and types of attacks against such systems are on the rise and are a growing concern for security administrators. Incidentally, many of these attacks, when considered in isolation, are very simple and easy to detect. But in most cases misfeasors combine those attacks to launch multistage attacks against critical assets. Conventional defense approaches have mostly been host-centric, where attention is given to identifying the vulnerabilities of individual hosts and taking measures to mitigate them. But these methods are less effective in the face of multistage attacks. The attack graph has been a useful tool for enumerating multi-stage, multi-host attacks in organizational networks. Without this tool it is very difficult, even for experienced security analysts, to manually discover how an attacker can combine vulnerabilities in the same host or in connected hosts to compromise critical resources in a manner hitherto unknown. The task becomes even more difficult as the number of different vulnerabilities and the size of the network increase. An attack graph that shows all possible multi-stage, multi-host attack paths is crucial to a security administrator, as it helps in understanding the diverse nature of threats and in deciding on appropriate countermeasures. All this calls for an efficient, scalable solution for attack graph generation and analysis. Prior research work in this area has tried to address these issues.

G. Martínez Pérez et al. (Eds.): SNDS 2014, CCIS 420, pp. 239–250, 2014. © Springer-Verlag Berlin Heidelberg 2014

M.S. Barik and C. Mazumdar

Most of the existing approaches to attack graph analysis use proprietary algorithms and do not necessarily use only standard graph-based algorithms. In many situations, such analysis techniques may need to be adapted frequently due to changes in host/network configuration and/or security objectives. Thus, there is always a need for a solution that allows interactive analysis of attack graphs. Wang et al. [14] first addressed this issue and proposed a relational model for representing network configurations and domain knowledge. They showed how attack graph can be generated
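As an added illustration (not the paper's own data model, code or data), the following Python sketch uses a constructed four-host network, with plain dictionaries standing in for a graph database, to forward-chain an attack graph over (host, privilege) states and then run the two analysis queries the introduction motivates: enumerating multi-stage, multi-host paths to a critical asset, and finding the vulnerabilities whose removal alone breaks every such path. The host names, vulnerability ids and the three-level privilege model are assumptions made for the example.

```python
PRIV = {"none": 0, "user": 1, "root": 2}

# Constructed toy network (illustrative; not the paper's data model or data).
# REACH: directed host-to-host connectivity that survives firewall filtering.
# VULNS: vuln_id -> (host, kind, privilege gained). "remote" needs a foothold
# (user or better) on some host that reaches `host`; "local" needs user on `host`.
REACH = {("attacker", "web"), ("web", "db"), ("db", "fileserver")}
VULNS = {
    "web-rce":  ("web", "remote", "user"),
    "web-lpe":  ("web", "local", "root"),
    "db-auth":  ("db", "remote", "user"),
    "fs-rce":   ("fileserver", "remote", "root"),
    "fs-share": ("fileserver", "remote", "user"),
}

def generate(reach, vulns, start=("attacker", "root")):
    """Forward-chain from the initial state; returns attack-graph edges
    (from_state, vuln_id, to_state). Each round raises some host's privilege."""
    gained = {start[0]: start[1]}  # best privilege reached per host
    edges, changed = [], True
    while changed:
        changed = False
        for vid, (host, kind, post) in vulns.items():
            if PRIV[gained.get(host, "none")] >= PRIV[post]:
                continue  # exploiting this would gain nothing new
            if kind == "remote":
                srcs = [s for s in gained if (s, host) in reach and PRIV[gained[s]] >= 1]
            else:
                srcs = [host] if PRIV[gained.get(host, "none")] >= 1 else []
            for s in srcs:
                edges.append(((s, gained[s]), vid, (host, post)))
            if srcs:
                gained[host] = post
                changed = True
    return edges

def attack_paths(edges, goal, state=("attacker", "root"), path=()):
    """Query: every multi-stage path (list of vuln ids) from state to goal."""
    if state == goal:
        return [list(path)]
    return [p for frm, vid, to in edges if frm == state and vid not in path
            for p in attack_paths(edges, goal, to, path + (vid,))]

def critical_vulns(reach, vulns, goal):
    """Countermeasure query: vulnerabilities whose removal alone cuts every path."""
    return sorted(v for v in vulns if not attack_paths(
        generate(reach, {k: x for k, x in vulns.items() if k != v}), goal))
```

In a graph database the same two queries become path-pattern and "remove node and re-query" operations over the stored model, which is what makes interactive what-if analysis cheap compared with re-implementing a custom algorithm each time.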