An Attack Graph Based Approach for Threat Identification of an Enterprise Network

Author(s):  
Somak Bhattacharya ◽  
Samresh Malhotra ◽  
S. K. Ghosh

As networks continue to grow in size and complexity, automatic assessment of security vulnerability becomes increasingly important. The typical means by which an attacker breaks into a network is through a series of exploits, where each exploit in the series satisfies the pre-condition for subsequent exploits and establishes a causal relationship among them. Such a series of exploits constitutes an attack path, and the set of all possible attack paths forms an attack graph. Attack graphs reveal the threat by enumerating all possible sequences of exploits that can be followed to compromise a given critical resource. The contribution of this chapter is to identify the most probable attack path based on the attack surface measures of the individual hosts for a given network, and also to identify the minimum possible network securing options for a given attack graph in an automated fashion. The identified network securing options are exhaustive, and the proposed approach aims at detecting cycles in forward reachable attack graphs. As a whole, the chapter deals with identification of probable attack paths and risk mitigation, which may facilitate improving the overall security of an enterprise network.

2014 ◽  
Vol 6 (1) ◽  
pp. 28-50 ◽  
Author(s):  
Rahul Chandran ◽  
Wei Q. Yan

The development of technology in computer networks has boosted the percentage of cyber-attacks today. Hackers are now able to penetrate even the strongest IDS and firewalls. With the help of anti-forensic techniques, attackers defend themselves from being tracked by destroying and distorting evidence. To detect and prevent network attacks, the main modus operandi in network forensics is the successful implementation and analysis of attack graphs from gathered evidence. This paper conveys the main concepts of attack graphs and the requirements for modeling and implementation of graphs. It also contributes the aspect of incorporating anti-forensic techniques into attack graphs, which will help in analysis of the diverse possibilities of attack path deviations and thus aids in recommending various defense strategies for better security. To the best of our knowledge, this is the first time network anti-forensics has been fully discussed and attack graphs are employed to analyze the network attacks. The experimental analysis of anti-forensic techniques using attack graphs was conducted in the proposed test-bed, which helped to evaluate the proposed model and suggests preventive measures for the improvement of network security.


2018 ◽  
Vol 2018 ◽  
pp. 1-13 ◽  
Author(s):  
Hao Hu ◽  
Yuling Liu ◽  
Yingjie Yang ◽  
Hongqi Zhang ◽  
Yuchen Zhang

The attack graph (AG) is an abstraction technique that reveals the ways an attacker can use to leverage vulnerabilities in a given network to violate security policies. The analyses developed to extract security-relevant properties are referred to as AG-based security evaluations. In recent years, many evaluation approaches have been explored. However, they are generally limited to the attacker’s “monotonicity” assumption, which needs further improvements to overcome the limitation. To address this issue, the stochastic mathematical model called absorbing Markov chain (AMC) is applied over the AG to give some new insights, namely, the expected success probability of attack intention (EAIP) and the expected attack path length (EAPL). Our evaluations provide the preferred mitigating target hosts and the vulnerabilities patching prioritization of middle hosts. Tests on the public datasets DARPA2000 and Defcon’s CTF23 both verify that our evaluations are available and reliable.


2021 ◽  
Vol 2021 ◽  
pp. 1-15
Author(s):  
Yazhuo Gao ◽  
Guomin Zhang ◽  
Changyou Xing

As an important deception defense method, a honeypot can be used to enhance the network’s active defense capability effectively. However, the existing rigid deployment method makes it difficult to deal with the uncertain strategic attack behaviors of attackers. To solve such a problem, we propose a multiphase dynamic deployment mechanism of virtualized honeypots (MD2VH) based on the intelligent attack path prediction method. MD2VH depicts the attack and defense characteristics of both attackers and defenders through the Bayesian state attack graph, establishes a multiphase dynamic deployment optimization model of the virtualized honeypots based on the extended Markov decision process, and generates the deployment strategies dynamically by combining online and offline reinforcement learning methods. Besides, we also implement a prototype system based on software-defined networking and virtualization containers, so as to evaluate the effectiveness of MD2VH. Experimental results show that the capture rate of MD2VH is maintained at about 90% in the case of both simple topology and complex topology. Compared with the simple intelligent deployment strategy, this metric is increased by 20% to 60%, and the result is more stable under different types of attacker strategy.


2020 ◽  
Vol 2 (2) ◽  
pp. 68-80
Author(s):  
ER Ummi Kalsum

This research is associative research with a causal relationship based on the explanation level, that is, how this research is explained. Associative research is research in which the aim is to find a relationship or influence between two or more variables that serve to explain, predict and control certain symptoms, while the causal relationship is the cause-effect relationship, where X influences Y. This research, when viewed from its goal, is applied research, which is "research that aims to obtain discoveries related to the application of certain theories". This research is practical, testing theory in the face of real problems in certain situations. The results of this study note that the workload of pramugraha in Marbella Suites Bandung needs to be re-examined so that the workload delegated to pramugraha is more optimal. The individual workload of the pramugraha, which is still in severe condition, indicates an imbalance in the workload. Of the 15 questions based on 10 workload indicators, there are 13 aspects that are still in the weight category, while the other 3 are in the enough category. The heaviest dimension according to the pramugraha response is the state of the room, followed by productive time, productivity level, and type of work. However, the dimension of productive time has a greater effect on performance compared to other workload dimensions. The dimensions of work, the state of the room, and the level of productivity follow in a row in affecting the performance of pramugraha at Marbella Suites Bandung. Pramugraha performance at Marbella Suites Bandung is in the bad category, which means that the performance of pramugraha should be optimized so that pramugraha productivity can be better. There are 5 out of 10 indispensable indicators: communication skills, how the work is done, the discipline, the outcomes of work, and how the work is done. The other five indicators are sufficiently categorized, namely loyalty, reliability, leadership, service to guests, and multicultural governance. The most severe dimensions based on pramugraha responses are objective results, followed by behavior and personality. Delivered workloads contribute significantly to the performance of pramugraha at Marbella Suites Bandung. The performance of pramugraha will adjust to the workload carried by the steward. Workload affects performance by 59%. Based on table 4:40 about the correlation between workload and pramugraha performance in Marbella Suites Bandung, the effect of workload on performance is 0.767, which means that there is a strong influence between the two variables, positively and significantly. So it can be concluded that the influence of workload on pramugraha performance in Marbella Suites Bandung is 59%, and the other 41% is influenced by other factors outside the workload. This shows a strong correlation between workload and pramugraha performance in Marbella Suites Bandung.


Author(s):  
Xiaojian Zhang ◽  
Qi Wang ◽  
Xiangqun Wang ◽  
Run Zhang

2018 ◽  
Vol 2018 ◽  
pp. 1-28 ◽  
Author(s):  
Thanh H. Nguyen ◽  
Mason Wright ◽  
Michael P. Wellman ◽  
Satinder Singh

We study the problem of allocating limited security countermeasures to protect network data from cyber-attacks, for scenarios modeled by Bayesian attack graphs. We consider multistage interactions between a network administrator and cybercriminals, formulated as a security game. This formulation is capable of representing security environments with significant dynamics and uncertainty and very large strategy spaces. We propose parameterized heuristic strategies for the attacker and defender and provide detailed analysis of their time complexity. Our heuristics exploit the topological structure of attack graphs and employ sampling methods to overcome the computational complexity in predicting opponent actions. Due to the complexity of the game, we employ a simulation-based approach and perform empirical game analysis over an enumerated set of heuristic strategies. Finally, we conduct experiments in various game settings to evaluate the performance of our heuristics in defending networks, in a manner that is robust to uncertainty about the security environment.


2014 ◽  
Vol 1079-1080 ◽  
pp. 816-819 ◽  
Author(s):  
Yuan Qin

With the development of computer networks and the rapid popularity of the Internet, network information security has become the focus of safeguarding national security and social stability. In a network security event, the hacker often can’t successfully intrude into the network by means of a single host or service. With the help of various kinds of "vulnerability" generated by the different relationships existing among multiple points and multiple hosts, the hacker can achieve the purpose of network intrusion. Therefore, one important aspect of network security is, after obtaining the vulnerability information of the network, considering combinations of multiple exploits and analyzing the attack paths of network penetration attacks that the attacker may take.
