Subil Abraham,Suku Nair

DOI: https://doi.org/10.48550/arXiv.1501.01901

2015-01-08

Cryptography and Security

Abstract:Numerous security metrics have been proposed in the past for protecting computer networks. However we still lack effective techniques to accurately measure the predictive security risk of an enterprise taking into account the dynamic attributes associated with vulnerabilities that can change over time. In this paper we present a stochastic security framework for obtaining quantitative measures of security using attack graphs. Our model is novel as existing research in attack graph analysis do not consider the temporal aspects associated with the vulnerabilities, such as the availability of exploits and patches which can affect the overall network security based on how the vulnerabilities are interconnected and leveraged to compromise the system. Gaining a better understanding of the relationship between vulnerabilities and their lifecycle events can provide security practitioners a better understanding of their state of security. In order to have a more realistic representation of how the security state of the network would vary over time, a nonhomogeneous model is developed which incorporates a time dependent covariate, namely the vulnerability age. The daily transition-probability matrices are estimated using Frei's Vulnerability Lifecycle model. We also leverage the trusted CVSS metric domain to analyze how the total exploitability and impact measures evolve over a time period for a given network.

Raj Pokhrel Nawa,P. Tsokos Chris,Nawa Raj Pokhrel,Chris P. Tsokos

DOI: https://doi.org/10.4236/jis.2017.82007

2017-01-01

Journal of Information Security

Abstract:There are several security metrics developed to protect the computer networks. In general, common security metrics focus on qualitative and subjective aspects of networks lacking formal statistical models. In the present study, we propose a stochastic model to quantify the risk associated with the overall network using Markovian process in conjunction with Common Vulnerability Scoring System (CVSS) framework. The model we developed uses host access graph to represent the network environment. Utilizing the developed model, one can filter the large amount of information available by making a priority list of vulnerable nodes existing in the network. Once a priority list is prepared, network administrators can make software patch decisions. Gaining in depth understanding of the risk and priority level of each host helps individuals to implement decisions like deployment of security products and to design network topologies.

Rahul Chandran,Wei Q. Yan

DOI: https://doi.org/10.4018/ijdcf.2014010103

2014-01-01

International Journal of Digital Crime and Forensics

Abstract:The development of technology in computer networks has boosted the percentage of cyber-attacks today. Hackers are now able to penetrate even the strongest IDS and firewalls. With the help of anti-forensic techniques, attackers defend themselves, from being tracked by destroying and distorting evidences. To detect and prevent network attacks, the main modus of operandi in network forensics is the successful implementation and analysis of attack graph from gathered evidences. This paper conveys the main concepts of attack graphs, requirements for modeling and implementation of graphs. It also contributes the aspect of incorporation of anti-forensic techniques in attack graph which will help in analysis of the diverse possibilities of attack path deviations and thus aids in recommendation of various defense strategies for better security. To the best of our knowledge, this is the first time network anti-forensics has been fully discussed and the attack graphs are employed to analyze the network attacks. The experimental analysis of anti-forensic techniques using attack graphs were conducted in the proposed test-bed which helped to evaluate the model proposed and suggests preventive measures for the improvement of security of the networks.

Simon Unger,Ektor Arzoglou,Markus Heinrich,Dirk Scheuermann,Stefan Katzenbeisser

2023-07-26

Abstract:Risk assessment plays a crucial role in ensuring the security and resilience of modern computer systems. Existing methods for conducting risk assessments often suffer from tedious and time-consuming processes, making it challenging to maintain a comprehensive overview of potential security issues. In this paper, we propose a novel approach that leverages attack graphs to enhance the efficiency and effectiveness of risk assessment. Attack graphs visually represent the various attack paths that adversaries can exploit within a system, enabling a systematic exploration of potential vulnerabilities. By extending attack graphs with capabilities to include countermeasures and consequences, they can be leveraged to constitute the complete risk assessment process. Our method offers a more streamlined and comprehensive analysis of system vulnerabilities, where system changes, or environment changes can easily be adapted and the issues exposing the highest risk can easily be identified. We demonstrate the effectiveness of our approach through a case study, as well as the applicability by combining existing risk assessment standards with our method. Our work aims to bridge the gap between risk assessment practices and evolving threat landscapes, offering an improved methodology for managing and mitigating risks in modern computer systems.

Cryptography and Security

Simon Yusuf Enoch,Mengmeng Ge,Jin B. Hong,Dong Seong Kim

DOI: https://doi.org/10.1109/rams48097.2021.9605784

2021-05-24

Abstract:Summary & Conclusions Model-based evaluation in cybersecurity has a long history. Attack Graphs (AGs) and Attack Trees (ATs) were the earlier developed graphical security models for cybersecurity analysis. However, they have limitations (e.g., scalability problem, state-space explosion problem, etc.) and lack the ability to capture other security features (e.g., countermeasures). To address the limitations and to cope with various security features, a graphical security model named attack countermeasure tree (ACT) was developed to perform security analysis by taking into account both attacks and countermeasures. In our research, we have developed different variants of a hierarchical graphical security model to solve the complexity, dynamicity, and scalability issues involved with security models in the security analysis of systems. In this paper, we summarize and classify security models into the following; graph-based, tree-based, and hybrid security models. We discuss the development of a hierarchical attack representation model (HARM) and different variants of the HARM, its applications, and usability in a variety of domains including the Internet of Things (IoT), Cloud, Software- Defined Networking, and Moving Target Defenses. Moreover, we discuss the pros and cons of each variant of HARM based on its applications and usage. Furthermore, several security metrics have been developed to be used with the graphical security model (including HARMs) to analyze the security posture of the systems and evaluate the effectiveness of defense mechanisms which is also being taken as input into optimization algorithms to compute optimal defense deployment. Thus, we provide the classification of the security metrics, including their discussions. Finally, we highlight existing problems and suggest future research directions in the area of graphical security models and applications. As a result of this work, a decision-maker can understand which type of HARM will suit their network or security analysis requirements.

Muhammad Danish

2024-07-16

Abstract:This research paper aims to examine the applicability of predictive analytics to improve the real-time identification and response to cyber-attacks. Today, threats in cyberspace have evolved to a level where conventional methods of defense are usually inadequate. This paper highlights the significance of predictive analytics and demonstrates its potential in enhancing cyber security frameworks. This research integrates literature on using big data analytics for predictive analytics in cyber security, noting that such systems could outperform conventional methods in identifying advanced cyber threats. This review can be used as a framework for future research on predictive models and the possibilities of implementing them into the cyber security frameworks. The study uses quantitative research, using a dataset from Kaggle with 2000 instances of network traffic and security events. Logistic regression and cluster analysis were used to analyze the data, with statistical tests conducted using SPSS. The findings show that predictive analytics enhance the vigilance of threats and response time. This paper advocates for predictive analytics as an essential component for developing preventative cyber security strategies, improving threat identification, and aiding decision-making processes. The practical implications and potential real-world applications of the findings are also discussed.

Cryptography and Security

Konstantinos Adamos,George Stergiopoulos,Michalis Karamousadakis,Dimitris Gritzalis,Adamos, Konstantinos,Stergiopoulos, George,Karamousadakis, Michalis,Gritzalis, Dimitris

DOI: https://doi.org/10.1007/s10207-023-00731-w

2023-07-23

International Journal of Information Security

Abstract:This paper presents a method that utilizes graph theory and state modelling algorithms to perform automatic complexity analysis of the architecture of cyber-physical systems (CPS). It describes cyber physical systems risk assessment (CPSRA), a tool to provide automatic decision support for enhancing the overall resilience of CPS architectures often used in critical infrastructures. CPRSA is built to enhance industrial risk assessment and improve the resilience of CPS architecture against malicious attacks on the cyber domain that can affect industrial processes, which is critical in a distributed cyber environment. Such attacks often compromise execution states on physical components and lead to hazards or even disasters through plant malfunction. CPSRA is tested against a real-world testbed model of a large SCADA system that is infused with real-world CVE vulnerabilities in some of its components. The tool creates an isomorphic graph of the CPS process model and uses graph algorithms and network analytics on the model to test cyber-attacks and evaluate attack resilience aspects. The tool's output is then used to pinpoint high-complexity components in terms of influence on the overall CPS architecture and suggest mitigation points for security measure implementation while considering every potential subattack path and subliminal path on the model's attack graph. The paper complements standardized assessment reports and contributes to automatic architecture assessment for critical infrastructure environments and can be used as the basis to model dependencies and threat propagation in larger digital twins, a need outlined in major NIST publications concerning the security of industrial systems that was previously done manually, without automatic insight into state and vulnerability influences.

computer science, information systems, theory & methods, software engineering

Jasmin Wachter

2023-11-17

Abstract:Graph models are helpful means of analyzing computer networks as well as complex system architectures for security. In this paper we evaluate the current state of research for representing and analysing cyber-attack using graph models, i.e. attack graph (AG) formalisms. We propose a taxonomy on attack graph formalisms, based on 70 models, which we analysed with respect to their \textit{graph semantic}, involved agents and analysis features. Additionally, we adress which formalisms allow for automatic attack graph generation from raw or processes data inputs. Our taxonomy is especially designed to help users and applied researchers identify a suitable AG model for their needs. A summary of the individual AG formalisms is provided as supplementary material.

Cryptography and Security

Alfan Presekal,Alexandru Stefanov,Vetrivel S. Rajkumar,Peter Palensky

DOI: https://doi.org/10.1109/tsg.2023.3237011

IF: 10.275

2023-09-01

IEEE Transactions on Smart Grid

Abstract:Electrical power grids are vulnerable to cyber attacks, as seen in Ukraine in 2015 and 2016. However, existing attack detection methods are limited. Most of them are based on power system measurement anomalies that occur when an attack is successfully executed at the later stages of the cyber kill chain. In contrast, the attacks on the Ukrainian power grid show the importance of system-wide, early-stage attack detection through communication-based anomalies. Therefore, in this paper, we propose a novel method for online cyber attack situational awareness that enhances the power grid resilience. It supports power system operators in the identification and localization of active attack locations in Operational Technology (OT) networks in near real-time. The proposed method employs a hybrid deep learning model of Graph Convolutional Long Short-Term Memory (GC-LSTM) and a deep convolutional network for time series classification-based anomaly detection. It is implemented as a combination of software defined networking, anomaly detection in communication throughput, and a novel attack graph model. Results indicate that the proposed method can identify active attack locations, e.g., within substations, control center, and wide area network, with an accuracy above 96%. Hence, it outperforms existing state-of-the-art deep learning-based time series classification methods.

engineering, electrical & electronic

LI Jia-rui,LING Xiao-bo,LI Chen-xi,LI Zi-mu,YANG Jia-hai,ZHANG Lei,WU Cheng-nan

DOI: https://doi.org/10.11896/jsjkx.210800107

2022-01-01

Computer Science

Abstract:In order to overcome the difficulties that current attack graph model cannot reflect real-time network attack events,a method is proposed including a forward risk probability update algorithm and a forward-backward combined risk probability update algorithm,which meets the needs of real-time analyzing network security.It first performs specific quantitative analysis on the uncertainty of each node in the graph,and uses Bayesian networks to calculate their static probabilities.After that,it updates the dynamic probability of each node along the forward and backward paths according to the real-time network security events,instantly reflecting the changes of external conditions and assessing real-time risk levels across the network.Experimental results show that the method can calibrate and adjust the risk probability of each node according to the actual situation,which helps the network operator correctly understand the dangerous levels of the network and make better decision for defense and prevention of the next attack.

Yunpeng Li,Xi Li

DOI: https://doi.org/10.1155/2021/9921731

2021-05-07

Scientific Programming

Abstract:With the rapid development of the Internet, network attacks often occur, and network security is widely concerned. Searching for practical security risk assessment methods is a research hotspot in the field of network security. Network attack graph model is an active detection technology for the attack path. From the perspective of the attacker, it simulated the whole network attack scenario and then presented the dependency among the vulnerabilities in the target network in the way of directed graph. It is an effective tool for analyzing network vulnerability. This paper describes in detail the common methods and tools of network security assessment and analyzes the construction of theoretical model of attack graph, the optimization technology of attack graph, and the research status of qualitative and quantitative analysis technology of attack graph in network security assessment. The attack graph generated in the face of large-scale network is too complex to find the key vulnerability nodes accurately and quickly. Optimizing the attack graph and solving the key attack set can help the security manager better understand the security state of the nodes in the network system, so as to strengthen the security defense ability and guarantee the security of the network system. For all kinds of loop phenomena of directed attribute attack graph, the general method of eliminating loop is given to get an acyclic attack graph. On the basis of acyclic attack graph, an optimization algorithm based on path complexity is proposed, which takes atomic attack distance and atomic weight into consideration, and on the basis of simplified attack graph, minimum-cost security reinforcement is carried out for the network environment. Based on the ant colony algorithm, the adaptive updating principle of changing pheromone and the local searching strategy of the adaptive genetic algorithm are proposed to improve the ant colony algorithm. The experimental results show that compared with the ant colony algorithm, the improved ant colony algorithm can speed up the process of solving the optimal solution. When the number of attack paths is large, the advantages of the improved ant colony algorithm in solving accuracy and late search speed are more obvious, and it is more suitable for large-scale networks.

computer science, software engineering

Jiali Wang,Martin Neil

DOI: https://doi.org/10.48550/arXiv.2106.00471

2021-06-01

Abstract:Cybersecurity risk analysis plays an essential role in supporting organizations make effective decision about how to manage and control cybersecurity risk. Cybersecurity risk is a function of the interplay between the defender, i.e., the organisation, and the attacker: decisions and actions made by the defender second guess the decisions and actions taken by the attacker and vice versa. Insight into this game between these two agents provides a means for the defender to identify and make optimal decisions. To date, the adversarial risk analysis framework has provided a decision-analytical approach to solve such game problems in the presence of uncertainty and uses Monte Carlo simulation to calculate and identify optimal decisions. We propose an alternative framework to construct and solve a serial of sequential Defend-Attack models, that incorporates the adversarial risk analysis approach, but uses a new class of influence diagrams algorithm, called hybrid Bayesian network inference, to identify optimal decision strategies. Compared to Monte Carlo simulation the proposed hybrid Bayesian network inference is more versatile because it provides an automated way to compute hybrid Defend-Attack models and extends their use to involve mixtures of continuous and discrete variables, of any kind. More importantly, the hybrid Bayesian network approach is novel in that it supports dynamic decision making whereby new real-time observations can update the Defend-Attack model in practice. We also extend the Defend-Attack model to support cases involving extra variables and longer decision sequence. Examples are presented, illustrating how the proposed framework can be adjusted for more complicated scenarios, including dynamic decision making.

Computer Science and Game Theory

Hüseyin Ünözkan,Mehmet Ertem,Salaheddine Bendak

DOI: https://doi.org/10.1007/s13721-022-00391-1

Abstract:Cyber security encompasses a variety of financial, political, and social aspects with significant implications for the safety of individuals and organisations. Hospitals are among the least secure and most vulnerable organisations in terms of cybersecurity. Protecting medical records from cyberattacks is critical for protecting personal and financial records of those involved in medical institutions. Attack graphs, like in other systems, can be used to protect medical and hospital records from cyberattacks. In the current study, a total of 352 real-life cyberattacks on healthcare institutions using common vulnerability scoring system (CVSS) data were statistically examined to determine important trends and specifications in regard to those attacks. Following that, several machine learning techniques and an artificial neural network model were used to model industrial control systems (ICS) vulnerability data of those attacks. The average vulnerability score for attacks on healthcare IT systems was found to be very high. Moreover, this score was found to be higher in healthcare institutions which have experienced cyberattacks in the past and no mitigation actions were implemented. Using Python programming software, the most successful model that can be used in modelling cyberattacks on IT systems of healthcare institutions was found to be the K-nearest neighbours (KNN) algorithm. The model was then enhanced further and then it was tried to make predictions for future cyberattacks on IT systems of healthcare institutions. Results indicate that the overall score is critical indicating that medical records are, in general, at high risk and that there is a high risk of cyberattacks on medical records in healthcare institutions. It is recommended, therefore, that those institutions should take urgent precautionary measures to mitigate such a high risk of cyberattacks and to make them more secure, reliable, and robust.

Anming Xie,Weiping Wen,Li Zhang,Jianbin Hu,Zhong Chen

DOI: https://doi.org/10.1109/MINES.2009.136

2009-01-01

Abstract:Since attack graphs provide practical attack context and relationships among vulnerabilities, researchers have been trying to evaluate network security based on attack graphs. However, previous works focus their attention on specific evaluations they concerned, and each does things in his own way. There is no explicit way telling network administrators how to measure network security in a general way. In this paper, we propose a new metric framework, whose main goal is to guide people to perform evaluations based on attack graphs. The main components of proposed metric framework include security index, target of evaluation, elementary attribute, composition algorithm, and arithmetic operators. Relative definitions and analysis of these five components are also given. The following examples show the applications of our metric framework, and validate it.

Anmin Xie,Cong Tang,Nike Gui,Zhuhua Cai,Jian-bin Hu,Zhong Chen

DOI: https://doi.org/10.1109/ICC.2010.5502655

2010-01-01

Abstract:To protect our networks against malicious intrusions, we need to evaluate these networks security. Previous works on attack graphs have provided meaningful conclusions on security measurement. However, large attack graphs are still hard to be understood vividly, and few suggestions have been proposed to prevent inside malicious attackers from attacking networks. To address these problems, we propose a novel approach to evaluate network security based on adjacency matrixes, which are constructed from existing attack graphs. With our model, we use gray scale images to show overall security vividly, and get quantitative evaluation scores. Moreover, we create a prioritized list of potential threatening hosts, which can help network administrators to harden network step by step. Analysis on computation cost shows that the upper bound computation cost of our measurement methodology is O(N3), which could be completed in real time. We also give an example to show how to put our methods in practice.

Wenhui Hu,Long Zhang,Xueyang Liu,Yu Huang,Minghui Zhang,Liang Xing

DOI: https://doi.org/10.1109/bigdatasecurity-hpsc-ids49724.2020.00033

2020-01-01

Abstract:In view of the problem that the overall security of the network is difficult to evaluate quantitatively, we propose the edge authority attack graph model, which aims to make up for the traditional dependence attack graph to describe the relationship between vulnerability behaviors. This paper proposed a network security metrics based on probability, and proposes a network vulnerability algorithm based on vulnerability exploit probability and attack target asset value. Finally, a network security reinforcement algorithm with network vulnerability index as the optimization target is proposed based on this metric algorithm.

Shaswata Mitra,Trisha Chakraborty,Subash Neupane,Aritran Piplai,Sudip Mittal

2024-01-11

Abstract:In an increasingly interconnected world, where information is the lifeblood of modern society, regular cyber-attacks sabotage the confidentiality, integrity, and availability of digital systems and information. Additionally, cyber-attacks differ depending on the objective and evolve rapidly to disguise defensive systems. However, a typical cyber-attack demonstrates a series of stages from attack initiation to final resolution, called an attack life cycle. These diverse characteristics and the relentless evolution of cyber attacks have led cyber defense to adopt modern approaches like Machine Learning to bolster defensive measures and break the attack life cycle. Among the adopted ML approaches, Graph Neural Networks have emerged as a promising approach for enhancing the effectiveness of defensive measures due to their ability to process and learn from heterogeneous cyber threat data. In this paper, we look into the application of GNNs in aiding to break each stage of one of the most renowned attack life cycles, the Lockheed Martin Cyber Kill Chain. We address each phase of CKC and discuss how GNNs contribute to preparing and preventing an attack from a defensive standpoint. Furthermore, We also discuss open research areas and further improvement scopes.

Cryptography and Security,Artificial Intelligence,Machine Learning,Neural and Evolutionary Computing

Md Habibor Rahman,Erfan Yazdandoost Hamedani,Young-Jun Son,Mohammed Shafae

DOI: https://doi.org/10.1115/1.4063729

2023-10-05

Abstract:Identifying, analyzing, and evaluating cybersecurity risks are essential to assess the vulnerabilities of modern manufacturing infrastructures and to devise effective decision-making strategies to secure critical manufacturing against potential cyberattacks. In response, this work proposes a graph-theoretic approach for risk modeling and assessment to address the lack of quantitative cybersecurity risk assessment frameworks for smart manufacturing systems. In doing so, first, threat attributes are represented using an attack graphical model derived from manufacturing cyberattack taxonomies. Attack taxonomies offer consistent structures to categorize threat attributes, and the graphical approach helps model their interdependence. Second, the graphs are analyzed to explore how threat events can propagate through the manufacturing value chain and identify the manufacturing assets that threat actors can access and compromise during a threat event. Third, the proposed method identifies the attack path that maximizes the likelihood of success and minimizes the attack detection probability, and then computes the associated cybersecurity risk. Finally, the proposed risk modeling and assessment framework is demonstrated via an interconnected smart manufacturing system illustrative example. Using the proposed approach, practitioners can identify critical connections and manufacturing assets requiring prioritized security controls and develop and deploy appropriate defense measures accordingly.

Cryptography and Security,Systems and Control,Optimization and Control

NAVEEN K,

DOI: https://doi.org/10.55041/ijsrem29316

2024-03-19

INTERANTIONAL JOURNAL OF SCIENTIFIC RESEARCH IN ENGINEERING AND MANAGEMENT

Abstract:The Cyber Provide series system a multifaceted system with a multiple subsystems carrying out distinct functions. The potential weaknesses and risks originating out of a segment and arrangement that will manipulated at some stage in the provide series. make supply chain security difficult As a result, it is critical for organizations to comprehend and assess the risks in order to implement the appropriate supply chain security management measures. Using machine learning (ML) techniques in conjunction with cyber threat intelligence (CTI), we have been able To examine and predict potential risks using the characteristics of CTI. This makes it possible to pinpoint the innate CSC vulnerabilities and implement the proper countermeasures for an overall increase in cyber security. In order to show the practicality of our method, we collect CTI data and use the Microsoft viruses forecast dataset to produce prophetic investigation using several machine learning (ML) algorithms, The test considers the pounce and TTP as capture variable, while the measures of compromise and vulnerabilities are considered as output parameters, incorporating Decision Tree, Random Forest, Support Vector Machine. KEY WORDS Cyber Supply Chain; Cyber warning surveillance; Predictive Analytics, Cyber Safety, Tactical Methods Process

Corren McCoy,Ross Gore,Michael L. Nelson,Michele C. Weigle

2024-06-10

Abstract:The relentless process of tracking and remediating vulnerabilities is a top concern for cybersecurity professionals. The key challenge is trying to identify a remediation scheme specific to in-house, organizational objectives. Without a strategy, the result is a patchwork of fixes applied to a tide of vulnerabilities, any one of which could be the point of failure in an otherwise formidable defense. Given that few vulnerabilities are a focus of real-world attacks, a practical remediation strategy is to identify vulnerabilities likely to be exploited and focus efforts towards remediating those vulnerabilities first. The goal of this research is to demonstrate that aggregating and synthesizing readily accessible, public data sources to provide personalized, automated recommendations for organizations to prioritize their vulnerability management strategy will offer significant improvements over using the Common Vulnerability Scoring System (CVSS). We provide a framework for vulnerability management specifically focused on mitigating threats using adversary criteria derived from MITRE ATT&CK. We test our approach by identifying vulnerabilities in software associated with six universities and four government facilities. Ranking policy performance is measured using the Normalized Discounted Cumulative Gain (nDCG). Our results show an average 71.5% - 91.3% improvement towards the identification of vulnerabilities likely to be targeted and exploited by cyber threat actors. The return on investment (ROI) of patching using our policies results in a savings of 23.3% - 25.5% in annualized costs. Our results demonstrate the efficacy of creating knowledge graphs to link large data sets to facilitate semantic queries and create data-driven, flexible ranking policies.

Cryptography and Security