Alyzia-Maria Konsta,Gemma Di Federico,Alberto Lluch Lafuente,Andrea Burattin

2024-09-12

Abstract:Attack Trees are a graphical model of security used to study threat scenarios. While visually appealing and supported by solid theories and effective tools, one of their main drawbacks remains the amount of effort required by security experts to design them from scratch. This work aims to remedy this by providing a method for the automatic generation of Attack Trees from attack logs. The main original feature of our approach w.r.t existing ones is the use of Process Mining algorithms to synthesize Attack Trees, which allow users to customize the way a set of logs are summarized as an Attack Tree, for example by discarding statistically irrelevant events. Our approach is supported by a prototype that, apart from the derivation and translation of the model, provides the user with an Attack Tree in the RisQFLan format, a tool used for quantitative risk modeling and analysis with Attack Trees. We illustrate our approach with the case study of attacks on a communication protocol, produced by a state-of-the-art protocol analyzer.

Cryptography and Security,Formal Languages and Automata Theory

Raffaela Groner,Thomas Witte,Alexander Raschke,Sophie Hirn,Irdin Pekaric,Markus Frick,Matthias Tichy,Michael Felderer

DOI: https://doi.org/10.1007/978-3-031-40923-3_9

2023-09-19

Abstract:Joint safety and security analysis of cyber-physical systems is a necessary step to correctly capture inter-dependencies between these properties. Attack-Fault Trees represent a combination of dynamic Fault Trees and Attack Trees and can be used to model and model-check a holistic view on both safety and security. Manually creating a complete AFT for the whole system is, however, a daunting task. It needs to span multiple abstraction layers, e.g., abstract application architecture and data flow as well as system and library dependencies that are affected by various vulnerabilities. We present an AFT generation tool-chain that facilitates this task using partial Fault and Attack Trees that are either manually created or mined from vulnerability databases. We semi-automatically create two system models that provide the necessary information to automatically combine these partial Fault and Attack Trees into complete AFTs using graph transformation rules.

Cryptography and Security,Formal Languages and Automata Theory,Software Engineering

Olga Gadyatskaya,Sjouke Mauw,Rolando Trujillo-Rasuac,Tim A. C.Willemse

2024-07-10

Abstract:This article addresses the problem of automatically generating attack trees that soundly and clearly describe the ways the system can be attacked. Soundness means that the attacks displayed by the attack tree are indeed attacks in the system; clarity means that the tree is efficient in communicating the attack scenario. To pursue clarity, we introduce an attack-tree generation algorithm that minimises the tree size and the information length of its labels without sacrificing correctness. We achieve this by i) introducing a system model that allows to reason about attacks and goals in an efficient manner, and ii) by establishing a connection between the problem of factorising algebraic expressions and the problem of minimising the tree size. To the best of our knowledge, we introduce the first attack-tree generation framework that optimises the labelling and shape of the generated trees, while guaranteeing their soundness with respect to a system specification.

Cryptography and Security,Formal Languages and Automata Theory

Alyzia-Maria Konsta,Beatrice Spiga,Alberto Lluch Lafuente,Nicola Dragoni

2023-09-26

Abstract:Graphical security models constitute a well-known, user-friendly way to represent the security of a system. These kinds of models are used by security experts to identify vulnerabilities and assess the security of a system. The manual construction of these models can be tedious, especially for large enterprises. Consequently, the research community is trying to address this issue by proposing methods for the automatic generation of such models. In this work, we present a survey illustrating the current status of the automatic generation of two kinds of graphical security models -Attack Trees and Attack Graphs. The goal of this survey is to present the current methodologies used in the field, compare them and present the challenges and future directions for the research community.

Cryptography and Security

Anming Xie,Guodong Chen,Yonggang Wang,Zhong Chen,Jianbin Hu

2009-01-01

Abstract:To address the scalability problem in attack graphs generation, we propose a novel method to generate attack graphs automatically. Our approach constructs a two- tier attack graph framework, which includes a host access graph and some sub-attack graphs .A sub-attack graph describes concrete attack scenarios from one source host to one target host, while the host access graph describes the attacker's privilege transition among hosts. Our sub-attack graphs and host access graph have remarkable smaller scales and can help network administrators to find the key hosts in attack sequences. Analysis shows that the upper bound computational cost of our model is O(N 3 ), which could also be competed in real time. The following experiment validates our approach. Keywords-network security; attack graphs; host access graph; sub-attack graph; I. INTRODUCTION

Jeremy Straub

DOI: https://doi.org/10.1109/smartcloud49737.2020.00035

2020-11-01

Abstract:Multiple techniques for modeling cybersecurity attacks and defense have been developed. The use of tree- structures as well as techniques proposed by several firms (such as Lockheed Martin’s Cyber Kill Chain, Microsoft’s STRIDE and the MITRE ATT&CK frameworks) have all been demonstrated. These approaches model actions that can be taken to attack or stopped to secure infrastructure and other resources, at different levels of detail. This paper builds on prior work on using the Blackboard Architecture for cyberwarfare and proposes a generalized solution for modeling framework/paradigm-based attacks that go beyond the deployment of a single exploit against a single identified target. The Blackboard Architecture Cyber Command Entity attack Route (BACCER) identification system combines rules and facts that implement attack type determination and attack decision making logic with actions that implement reconnaissance techniques and attack and defense actions. BACCER’s efficacy to model examples of tree-structures and other models is demonstrated herein.

Anming Xie,Guodong Chen,Yonggang Wang,Zhong Chen,Jianbin Hu

DOI: https://doi.org/10.1109/SSIRI.2009.32

2009-01-01

Abstract:To address the scalability problem in attack graphs generation, we propose a novel method to generate attack graphs automatically. Our approach constructs a two- tier attack graph framework, which includes a host access graph and some sub-attack graphs. A sub-attack graph describes concrete attack scenarios from one source host to one target host, while the host access graph describes the attacker's privilege transition among hosts. Our sub-attack graphs and host access graph have remarkable smaller scales and can help network administrators to find the key hosts in attack sequences. Analysis shows that the upper bound computational cost of our model is O(N3), which could also be competed in real time. The following experiment validates our approach.

Simon Unger,Ektor Arzoglou,Markus Heinrich,Dirk Scheuermann,Stefan Katzenbeisser

2023-07-26

Abstract:Risk assessment plays a crucial role in ensuring the security and resilience of modern computer systems. Existing methods for conducting risk assessments often suffer from tedious and time-consuming processes, making it challenging to maintain a comprehensive overview of potential security issues. In this paper, we propose a novel approach that leverages attack graphs to enhance the efficiency and effectiveness of risk assessment. Attack graphs visually represent the various attack paths that adversaries can exploit within a system, enabling a systematic exploration of potential vulnerabilities. By extending attack graphs with capabilities to include countermeasures and consequences, they can be leveraged to constitute the complete risk assessment process. Our method offers a more streamlined and comprehensive analysis of system vulnerabilities, where system changes, or environment changes can easily be adapted and the issues exposing the highest risk can easily be identified. We demonstrate the effectiveness of our approach through a case study, as well as the applicability by combining existing risk assessment standards with our method. Our work aims to bridge the gap between risk assessment practices and evolving threat landscapes, offering an improved methodology for managing and mitigating risks in modern computer systems.

Cryptography and Security

Stéphane Paul

DOI: https://doi.org/10.48550/arXiv.1404.1986

2014-04-08

Cryptography and Security

Abstract:Security risk management can be applied on well-defined or existing systems; in this case, the objective is to identify existing vulnerabilities, assess the risks and provide for the adequate countermeasures. Security risk management can also be applied very early in the system's development life-cycle, when its architecture is still poorly defined; in this case, the objective is to positively influence the design work so as to produce a secure architecture from the start. The latter work is made difficult by the uncertainties on the architecture and the multiple round-trips required to keep the risk assessment study and the system architecture aligned. This is particularly true for very large projects running over many years. This paper addresses the issues raised by those risk assessment studies performed early in the system's development life-cycle. Based on industrial experience, it asserts that attack trees can help solve the human cognitive scalability issue related to securing those large, continuously-changing system-designs. However, big attack trees are difficult to build, and even more difficult to maintain. This paper therefore proposes a systematic approach to automate the construction and maintenance of such big attack trees, based on the system's operational and logical architectures, the system's traditional risk assessment study and a security knowledge database.

Lukáš Sadlek,Pavel Čeleda,Daniel Tovarňák

DOI: https://doi.org/10.1109/NOMS54207.2022.9789803

2022-06-21

Abstract:The ever-evolving capabilities of cyber attackers force security administrators to focus on the early identification of emerging threats. Targeted cyber attacks usually consist of several phases, from initial reconnaissance of the network environment to final impact on objectives. This paper investigates the identification of multi-step cyber threat scenarios using kill chain and attack graphs. Kill chain and attack graphs are threat modeling concepts that enable determining weak security defense points. We propose a novel kill chain attack graph that merges kill chain and attack graphs together. This approach determines possible chains of attacker's actions and their materialization within the protected network. The graph generation uses a categorization of threats according to violated security properties. The graph allows determining the kill chain phase the administrator should focus on and applicable countermeasures to mitigate possible cyber threats. We implemented the proposed approach for a predefined range of cyber threats, especially vulnerability exploitation and network threats. The approach was validated on a real-world use case. Publicly available implementation contains a proof-of-concept kill chain attack graph generator.

Cryptography and Security

Wang Yijun,Xue Zhi

DOI: https://doi.org/10.3969/j.issn.1009-8054.2006.03.024

2006-01-01

Abstract:As attack approach developed from one-step attack to coordinated attack, this article proposed stratified attack tree based on traditional attack tree. Learning from the format of IDMEF, a modular approach is introduced. We take IP-spoofing as an example.

LIU Long,CHEN Xiu-zhen,LI Jian-hua

DOI: https://doi.org/10.3969/j.issn.1000-3428.2013.10.027

2013-01-01

Abstract:As the generation of attack graph without loops leads to missing of attack paths, this paper puts forward the concept of complete attack graph and builds its automatic generation method. It obtains the network connectivity automatically by analyzing the firewall configuration files, to get rid of tedious manual input. Then the attack patterns are enriched to cover almost all network attack types and based on them, an efficient approach to complete attack graph generation is built. In the end, a model to generate complete attack graph automatically using the algorithm is built. Experimental result shows that this method has less time consumption, high degree of automation,and it can be applied to large networks.

Anming Xie,Li Zhang,Jianbin Hu,Zhong Chen

DOI: https://doi.org/10.1109/ISECS.2009.113

2009-01-01

Abstract:Attack graphs are important tools for analyzing network security vulnerabilities. Recently, the generation method of attack graphs is a hot topic to the security researchers. As previous works encounter the scalability problem and inaccurate input information problem, we propose a novel method to automatic construction of attack graphs based on probability. After introducing prior-probability, match-probability,and transition-probability into attack graphs generation process, we develop a new attack model and relevant generation algorithms. Our method uses threshold and key states to control the scale of result attack graphs with important attack paths reserved. The following experiments show our approach could get meaningful results with less time and space, especially when one wants to get a few shortest attack paths quickly.

Zhiming Liu,Sheng Li,Jin He,Di Xie,Zhantao Deng

DOI: https://doi.org/10.1109/imccc.2012.50

2012-01-01

Abstract:Today's computer systems face lots of challenges in the fast rate of emerging security problems. To accurately assess the security of computer network systems, one must understand how vulnerabilities can be combined to stage an attack. Attack graphs are important tools for analyzing security vulnerabilities in enterprise networks. However, the complexity of traditional method for generating attack graphs increases dramatically as the network size grows. To solve this problem, the efficiency of attack graph generation method must be improved. Based on the analysis of generation approaches to attack graphs, an attack graph generation method for complex network is proposed in this paper. In this method, the network framework and key nodes can be analyzed and searched by loopholes scanning firstly. Then, starting from these key nodes, the algorithm which combined greedy policy, forward exploration and backward searching is used to generate the attack graph. Experimental results prove that the model can make a comprehensive analysis on network security and research the estimation of network attack.

Sangbeom Park,Jaesung Lee,Jeong Do Yoo,Min Geun Song,Hyosun Lee,Jaewoong Choi,Chaeyeon Sagong,Huy Kang Kim

2023-11-27

Abstract:With the advancement of IoT technology, many electronic devices are interconnected through networks, communicating with each other and performing specific roles. However, as numerous devices join networks, the threat of cyberattacks also escalates. Preventing and detecting cyber threats are crucial, and one method of preventing such threats involves using attack graphs. Attack graphs are widely used to assess security threats within networks. However, a drawback emerges as the network scales, as generating attack graphs becomes time-consuming. To overcome this limitation, artificial intelligence models can be employed. By utilizing AI models, attack graphs can be created within a short period, approximating optimal outcomes. AI models designed for attack graph generation consist of encoders and decoders, trained using reinforcement learning algorithms. After training the AI models, we confirmed the model's learning effectiveness by observing changes in loss and reward values. Additionally, we compared attack graphs generated by the AI model with those created through conventional methods.

Cryptography and Security

Florian Dorfhuber,Julia Eisentraut,Katharina Klioba,Jan Kretinsky

2024-09-18

Abstract:Ranking risks and countermeasures is one of the foremost goals of quantitative security analysis. One of the popular frameworks, used also in industrial practice, for this task are attack-defense trees. Standard quantitative analyses available for attack-defense trees can distinguish likely from unlikely vulnerabilities. We provide a tool that allows for easy synthesis and analysis of those models, also featuring probabilities, costs and time. Furthermore, it provides a variety of interfaces to existing model checkers and analysis tools. Unfortunately, currently available tools rely on precise quantitative inputs (probabilities, timing, or costs of attacks), which are rarely available. Instead, only statistical, imprecise information is typically available, leaving us with probably approximately correct (PAC) estimates of the real quantities. As a part of our tool, we extend the standard analysis techniques so they can handle the PAC input and yield rigorous bounds on the imprecision and uncertainty of the final result of the analysis.

Cryptography and Security

TAO ZHANG,HU MING-ZENG,XIAO-CHUN YUN,YONG-ZHENG ZHANG

2005-01-01

Abstract:As an important method to analyze the security states of computer network, the generation of network attack graph is a hot topic in this domain. After analyzing network vulnerabilities, linking relation between devices and the characteristic of attack, the model of network security states is built, and the generating algorithm of attack graph is implemented. The experiment validates the prototype of generating tools of network attack graph. Key-Words: Network Security; Security Analysis; Attack; Attack Graph

Rahul Chandran,Wei Q. Yan

DOI: https://doi.org/10.4018/ijdcf.2014010103

2014-01-01

International Journal of Digital Crime and Forensics

Abstract:The development of technology in computer networks has boosted the percentage of cyber-attacks today. Hackers are now able to penetrate even the strongest IDS and firewalls. With the help of anti-forensic techniques, attackers defend themselves, from being tracked by destroying and distorting evidences. To detect and prevent network attacks, the main modus of operandi in network forensics is the successful implementation and analysis of attack graph from gathered evidences. This paper conveys the main concepts of attack graphs, requirements for modeling and implementation of graphs. It also contributes the aspect of incorporation of anti-forensic techniques in attack graph which will help in analysis of the diverse possibilities of attack path deviations and thus aids in recommendation of various defense strategies for better security. To the best of our knowledge, this is the first time network anti-forensics has been fully discussed and the attack graphs are employed to analyze the network attacks. The experimental analysis of anti-forensic techniques using attack graphs were conducted in the proposed test-bed which helped to evaluate the model proposed and suggests preventive measures for the improvement of security of the networks.

Milan Lopuhaä-Zwakenberg,Carlos E. Budde,Mariëlle Stoelinga

DOI: https://doi.org/10.1109/TDSC.2022.3215752

2022-12-11

Abstract:Numerous analysis methods for quantitative attack tree analysis have been proposed. These algorithms compute relevant security metrics, i.e. performance indicators that quantify how good the security of a system is; typical metrics being the most likely attack, the cheapest, or the most damaging one. However, existing methods are only geared towards specific metrics or do not work on general attack trees. This paper classifies attack trees in two dimensions: proper trees vs. directed acyclic graphs (i.e. with shared subtrees); and static vs. dynamic gates. For three out of these four classes, we propose novel algorithms that work over a generic attribute domain, encompassing a large number of concrete security metrics defined on the attack tree semantics; dynamic attack trees with directed acyclic graph structure are left as an open problem. We also analyse the computational complexity of our methods.

Cryptography and Security,Data Structures and Algorithms

Renascence Tarafder Prapty,Ashish Kundu,Arun Iyengar

2024-08-12

Abstract:As the complexity of modern systems increases, so does the importance of assessing their security posture through effective vulnerability management and threat modeling techniques. One powerful tool in the arsenal of cybersecurity professionals is the attack graph, a representation of all potential attack paths within a system that an adversary might exploit to achieve a certain objective. Traditional methods of generating attack graphs involve expert knowledge, manual curation, and computational algorithms that might not cover the entire threat landscape due to the ever-evolving nature of vulnerabilities and exploits. This paper explores the approach of leveraging large language models (LLMs), such as ChatGPT, to automate the generation of attack graphs by intelligently chaining Common Vulnerabilities and Exposures (CVEs) based on their preconditions and effects. It also shows how to utilize LLMs to create attack graphs from threat reports.

Cryptography and Security,Machine Learning