LI Jia-rui,LING Xiao-bo,LI Chen-xi,LI Zi-mu,YANG Jia-hai,ZHANG Lei,WU Cheng-nan

DOI: https://doi.org/10.11896/jsjkx.210800107

2022-01-01

Computer Science

Abstract:In order to overcome the difficulties that current attack graph model cannot reflect real-time network attack events,a method is proposed including a forward risk probability update algorithm and a forward-backward combined risk probability update algorithm,which meets the needs of real-time analyzing network security.It first performs specific quantitative analysis on the uncertainty of each node in the graph,and uses Bayesian networks to calculate their static probabilities.After that,it updates the dynamic probability of each node along the forward and backward paths according to the real-time network security events,instantly reflecting the changes of external conditions and assessing real-time risk levels across the network.Experimental results show that the method can calibrate and adjust the risk probability of each node according to the actual situation,which helps the network operator correctly understand the dangerous levels of the network and make better decision for defense and prevention of the next attack.

Anming Xie,Li Zhang,Jianbin Hu,Zhong Chen

DOI: https://doi.org/10.1109/ISECS.2009.113

2009-01-01

Abstract:Attack graphs are important tools for analyzing network security vulnerabilities. Recently, the generation method of attack graphs is a hot topic to the security researchers. As previous works encounter the scalability problem and inaccurate input information problem, we propose a novel method to automatic construction of attack graphs based on probability. After introducing prior-probability, match-probability,and transition-probability into attack graphs generation process, we develop a new attack model and relevant generation algorithms. Our method uses threshold and key states to control the scale of result attack graphs with important attack paths reserved. The following experiments show our approach could get meaningful results with less time and space, especially when one wants to get a few shortest attack paths quickly.

Qiumei Cheng,Chunming Wu,Shiying Zhou

DOI: https://doi.org/10.1109/lcomm.2020.3048995

IF: 3.5529

2021-01-01

IEEE Communications Letters

Abstract:The alert correlation process that aggregates computer network security alerts to the same attack scenario provides a coherent view of network status at a higher abstraction level. This letter proposes a framework called Alert-GCN to correlate alerts that belong to the same attack using graph convolutional networks (GCN). The intuition is that the stacked convolutional layers help aggregate alert information from farther neighbors in the alert graph, thus facilitating attack scenario discovery. Alert-GCN first transforms alerts into alert graph with one-hot encoding and then feeds the graph into the GCN to perform node classification. The experimental results indicate that Alert-GCN outperforms traditional classification models in correlating alerts.

Rahul Chandran,Wei Q. Yan

DOI: https://doi.org/10.4018/ijdcf.2014010103

2014-01-01

International Journal of Digital Crime and Forensics

Abstract:The development of technology in computer networks has boosted the percentage of cyber-attacks today. Hackers are now able to penetrate even the strongest IDS and firewalls. With the help of anti-forensic techniques, attackers defend themselves, from being tracked by destroying and distorting evidences. To detect and prevent network attacks, the main modus of operandi in network forensics is the successful implementation and analysis of attack graph from gathered evidences. This paper conveys the main concepts of attack graphs, requirements for modeling and implementation of graphs. It also contributes the aspect of incorporation of anti-forensic techniques in attack graph which will help in analysis of the diverse possibilities of attack path deviations and thus aids in recommendation of various defense strategies for better security. To the best of our knowledge, this is the first time network anti-forensics has been fully discussed and the attack graphs are employed to analyze the network attacks. The experimental analysis of anti-forensic techniques using attack graphs were conducted in the proposed test-bed which helped to evaluate the model proposed and suggests preventive measures for the improvement of security of the networks.

Anming Xie,Zhuhua Cai,Cong Tang,Jianbin Hu,Zhong Chen

DOI: https://doi.org/10.1109/ACSAC.2009.22

2009-01-01

Abstract:Attack graphs play important roles in analyzing network security vulnerabilities, and previous works have provided meaningful conclusions on the generation and security measurement of attack graphs. However, it is still hard for us to understand attack graphs in a large network, and few suggestions have been proposed to prevent inside malicious attackers from attacking networks. To address these problems, we propose a novel approach to generate and describe attack graphs. Firstly, we construct a two-layer attack graph, where the upper layer is a hosts access graph and the lower layer is composed of some host-pair attack graphs. Compared with previous works, our attack graph has simpler structures, and reaches the best upper bound of computation cost in O(N2). Furthermore, we introduce the adjacency matrix to efficiently evaluate network security, with overall evaluation results presented by gray scale images vividly. Thirdly, by applying prospective damage and important weight factors on key hosts with crucial resources, we can create prioritized lists of potential threatening hosts and stepping stones, both of which can help network administrators to harden network security. Analysis on computation cost shows that the upper bound computation cost of our measurement methodology is O(N3), which could also be completed in real time. Finally, we give some examples to show how to put our methods in practice.

Anming Xie,Guodong Chen,Yonggang Wang,Zhong Chen,Jianbin Hu

DOI: https://doi.org/10.1109/SSIRI.2009.32

2009-01-01

Abstract:To address the scalability problem in attack graphs generation, we propose a novel method to generate attack graphs automatically. Our approach constructs a two- tier attack graph framework, which includes a host access graph and some sub-attack graphs. A sub-attack graph describes concrete attack scenarios from one source host to one target host, while the host access graph describes the attacker's privilege transition among hosts. Our sub-attack graphs and host access graph have remarkable smaller scales and can help network administrators to find the key hosts in attack sequences. Analysis shows that the upper bound computational cost of our model is O(N3), which could also be competed in real time. The following experiment validates our approach.

HU Zhen-yu,ZHANG Rui-ling,SUN Fu-chun

2008-01-01

Abstract:Under the assumption of security dependence relation among different network nodes,a Bayesian model is put forward for locating and tracing a network attack.The proposed model constructs a security dependence tree from the security dependence relation.And the Bayesian method can be used to compute attacking factors of involved nodes.Comparing the differences among attacking factors,both the original node and the attacking path can be determined.

Anming Xie,Guodong Chen,Yonggang Wang,Zhong Chen,Jianbin Hu

2009-01-01

Abstract:To address the scalability problem in attack graphs generation, we propose a novel method to generate attack graphs automatically. Our approach constructs a two- tier attack graph framework, which includes a host access graph and some sub-attack graphs .A sub-attack graph describes concrete attack scenarios from one source host to one target host, while the host access graph describes the attacker's privilege transition among hosts. Our sub-attack graphs and host access graph have remarkable smaller scales and can help network administrators to find the key hosts in attack sequences. Analysis shows that the upper bound computational cost of our model is O(N 3 ), which could also be competed in real time. The following experiment validates our approach. Keywords-network security; attack graphs; host access graph; sub-attack graph; I. INTRODUCTION

Kunfu Wang,Wei Feng,Xing Li

DOI: https://doi.org/10.12783/dtcse/ccnt2020/35444

2021-01-01

DEStech Transactions on Computer Science and Engineering

Abstract:In order to assist network administrators to assess network security risks, a new Bayesian model of network risk assessment method is proposed. Firstly, the model designs the quantitative method of attack revenue and attack cost index, introduces the atomic attack efficiency variable, and integrates the variable into the calculation of probability, obtains the prior risk probability of each node in the network, so as to carry out the static evaluation of network risk. Secondly, DNO_Alg of deleting node order is proposed to determine the order of eliminating elements, so that Bayesian model can be transformed into cluster tree. Finally, combined with the detected attacks, the cluster tree propagation algorithm is used to dynamically calculate the posterior risk probability of nodes, so as to evaluate the network risk in real time.

Wenhui Hu,Long Zhang,Xueyang Liu,Yu Huang,Minghui Zhang,Liang Xing

DOI: https://doi.org/10.1109/bigdatasecurity-hpsc-ids49724.2020.00033

2020-01-01

Abstract:In view of the problem that the overall security of the network is difficult to evaluate quantitatively, we propose the edge authority attack graph model, which aims to make up for the traditional dependence attack graph to describe the relationship between vulnerability behaviors. This paper proposed a network security metrics based on probability, and proposes a network vulnerability algorithm based on vulnerability exploit probability and attack target asset value. Finally, a network security reinforcement algorithm with network vulnerability index as the optimization target is proposed based on this metric algorithm.

Anmin Xie,Cong Tang,Nike Gui,Zhuhua Cai,Jian-bin Hu,Zhong Chen

DOI: https://doi.org/10.1109/ICC.2010.5502655

2010-01-01

Abstract:To protect our networks against malicious intrusions, we need to evaluate these networks security. Previous works on attack graphs have provided meaningful conclusions on security measurement. However, large attack graphs are still hard to be understood vividly, and few suggestions have been proposed to prevent inside malicious attackers from attacking networks. To address these problems, we propose a novel approach to evaluate network security based on adjacency matrixes, which are constructed from existing attack graphs. With our model, we use gray scale images to show overall security vividly, and get quantitative evaluation scores. Moreover, we create a prioritized list of potential threatening hosts, which can help network administrators to harden network step by step. Analysis on computation cost shows that the upper bound computation cost of our measurement methodology is O(N3), which could be completed in real time. We also give an example to show how to put our methods in practice.

Jinwei Yang,Yu Yang,Lu Zheng,Ruixia Cheng,Shengnan Lin

DOI: https://doi.org/10.1088/1742-6596/2310/1/012071

2022-10-11

Journal of Physics: Conference Series

Abstract:Network security situation awareness (NSSA) can analyze current network status and predict trends. Intrusion detection systems are used as sources of security factor in situational awareness, and their accuracy affects the assessment of network security. The attack graph can filter out key nodes and enumerate possible attack paths, which has become the main method of risk assessment. Therefore, a network security situation assessment technology based on intrusion detection was proposed. The detection rate of the intrusion detection system was improved firstly, and then the attack graph was combined with the hidden Markov model (HMM) for network security assessment. The experimental results show that this method can effectively speculate the attack intention and reflect the results intuitively and roundly.

Jianping Zeng,Shuang Wu,Yanyu Chen,Rui Zeng,Chengrong Wu

DOI: https://doi.org/10.1155/2019/2031063

2019-01-01

Abstract:AbstractAttack graph can simulate the possible paths used by attackers to invade the network. By using the attack graph, the administrator can evaluate the security of the network and analyze and predict the behavior of the attacker. Although there are many research studies on attack graph, there is no systematic survey for the related analysis methods. This paper firstly introduces the basic concepts, generation methods, and computing tasks of the attack graph, and then, several kinds of analysis methods of attack graph, namely, graph-based method, Bayesian network-based method, Markov model-based method, cost optimization method, and uncertainty analysis method, are described in detail. Finally, comparative study of the methods and future work are provided. We believe that this work would help the research community to understand the attack graph analysis method systematically.

Zihan Liu,Yun Luo,Lirong Wu,Zicheng Liu,Stan Z. Li

2023-03-29

Abstract:It has become cognitive inertia to employ cross-entropy loss function in classification related tasks. In the untargeted attacks on graph structure, the gradients derived from the attack objective are the attacker's basis for evaluating a perturbation scheme. Previous methods use negative cross-entropy loss as the attack objective in attacking node-level classification models. However, the suitability of the cross-entropy function for constructing the untargeted attack objective has yet been discussed in previous works. This paper argues about the previous unreasonable attack objective from the perspective of budget allocation. We demonstrate theoretically and empirically that negative cross-entropy tends to produce more significant gradients from nodes with lower confidence in the labeled classes, even if the predicted classes of these nodes have been misled. To free up these inefficient attack budgets, we propose a simple attack model for untargeted attacks on graph structure based on a novel attack objective which generates unweighted gradients on graph structures that are not affected by the node confidence. By conducting experiments in gray-box poisoning attack scenarios, we demonstrate that a reasonable budget allocation can significantly improve the effectiveness of gradient-based edge perturbations without any extra hyper-parameter.

Machine Learning,Cryptography and Security

Junyang Jin,Ye Yuan,Jorge Gonalves,Jorge Goncalves

DOI: https://doi.org/10.1109/tac.2020.3016964

IF: 6.549

2021-07-01

IEEE Transactions on Automatic Control

Abstract:Network inference has been attracting increasing attention in several fields, notably systems biology and biomedicine. Indeed, one of our biggest challenges is to uncover and understand complex molecular networks behind cells and organisms. A network is mainly characterized by its topology and internal dynamics. In particular, sparse topologies with stable dynamics are properties present in most real-world networks. Moreover, experiments typically measure a partial set of nodes. Linear systems have been used as approximations of complex nonlinear systems in a wide range of applications. Although they exhibit simpler dynamics, they can easily model unmeasured nodes, e.g., via transfer functions, which is not possible for nonlinear systems. This article explores these properties and considers general linear network models. It develops a method, based on reversible jump Markov chain Monte Carlo, to estimate the confidence of all links and produce the most likely topology. Monte Carlo simulations indicate that our approach consistently produces more accurate networks compared with other state-of-the-art methods, including kernel-based methods, nonlinear ordinary-differential-equation-based methods (iCheMA), and machine-learning-based methods (dynGINIE3). We show that this is also true on a well-known biological nonlinear model. The proposed method can be used in a wide range of applications, such as systems biology and biomedicine, and fault detection and diagnosis.

automation & control systems,engineering, electrical & electronic

Vincenzo Perri,Luka V. Petrović,Ingo Scholtes

DOI: https://doi.org/10.1140/epjds/s13688-023-00416-3

IF: 3.63

2023-10-12

EPJ Data Science

Abstract:Many network analysis and graph learning techniques are based on discrete- or continuous-time models of random walks. To apply these methods, it is necessary to infer transition matrices that formalize the underlying stochastic process in an observed graph. For weighted graphs, where weighted edges capture observations of repeated interactions between nodes, it is common to estimate the entries of such transition matrices based on the (relative) weights of edges. However in real-world settings we are often confronted with incomplete data, which turns the construction of the transition matrix based on a weighted graph into an inference problem . Moreover, we often have access to additional information, which capture topological constraints of the system, i.e. which edges in a weighted graph are (theoretically) possible and which are not. Examples include transportation networks, where we may have access to a small sample of passenger trajectories as well as the physical topology of connections, or a limited set of observed social interactions with additional information on the underlying social structure. Combining these two different sources of information to reliably infer transition matrices from incomplete data on repeated interactions is an important open challenge, with severe implications for the reliability of downstream network analysis tasks.

mathematics, interdisciplinary applications,social sciences, mathematical methods

Sangbeom Park,Jaesung Lee,Jeong Do Yoo,Min Geun Song,Hyosun Lee,Jaewoong Choi,Chaeyeon Sagong,Huy Kang Kim

2023-11-27

Abstract:With the advancement of IoT technology, many electronic devices are interconnected through networks, communicating with each other and performing specific roles. However, as numerous devices join networks, the threat of cyberattacks also escalates. Preventing and detecting cyber threats are crucial, and one method of preventing such threats involves using attack graphs. Attack graphs are widely used to assess security threats within networks. However, a drawback emerges as the network scales, as generating attack graphs becomes time-consuming. To overcome this limitation, artificial intelligence models can be employed. By utilizing AI models, attack graphs can be created within a short period, approximating optimal outcomes. AI models designed for attack graph generation consist of encoders and decoders, trained using reinforcement learning algorithms. After training the AI models, we confirmed the model's learning effectiveness by observing changes in loss and reward values. Additionally, we compared attack graphs generated by the AI model with those created through conventional methods.

Cryptography and Security

Zhikun Zhang,Min Chen,Michael Backes,Yun Shen,Yang Zhang

DOI: https://doi.org/10.48550/arXiv.2110.02631

2021-10-06

Abstract:Graph is an important data representation ubiquitously existing in the real world. However, analyzing the graph data is computationally difficult due to its non-Euclidean nature. Graph embedding is a powerful tool to solve the graph analytics problem by transforming the graph data into low-dimensional vectors. These vectors could also be shared with third parties to gain additional insights of what is behind the data. While sharing graph embedding is intriguing, the associated privacy risks are unexplored. In this paper, we systematically investigate the information leakage of the graph embedding by mounting three inference attacks. First, we can successfully infer basic graph properties, such as the number of nodes, the number of edges, and graph density, of the target graph with up to 0.89 accuracy. Second, given a subgraph of interest and the graph embedding, we can determine with high confidence that whether the subgraph is contained in the target graph. For instance, we achieve 0.98 attack AUC on the DD dataset. Third, we propose a novel graph reconstruction attack that can reconstruct a graph that has similar graph structural statistics to the target graph. We further propose an effective defense mechanism based on graph embedding perturbation to mitigate the inference attacks without noticeable performance degradation for graph classification tasks. Our code is available at <a class="link-external link-https" href="https://github.com/Zhangzhk0819/GNN-Embedding-Leaks" rel="external noopener nofollow">this https URL</a>.

Cryptography and Security,Machine Learning

Zhengyi Wang,Zhongkai Hao,Hang Su,Jun Zhu

2021-01-01

Abstract:While deep neural networks have achieved great success on the graph analysis, recent works have shown that they are also vulnerable to adversarial attacks where fraudulent users can fool the model with a limited number of queries. Compared with adversarial attacks on image classification, performing adversarial attack on graphs is challenging because of the discrete and non-differential nature of a graph. To address these issues, we proposed Cluster Attack, a novel adversarial attack by introducing a set of fake nodes to the original graph which can mislead the classification on certain victim nodes. Specifically, we query the victim model for each victim node to acquire their most adversarial feature, which is related to how the fake node’s feature will affect the victim nodes. We further cluster the victim nodes into several subgroups according to their most adversarial features such that we can reduce the searching space. Moreover, our attack is performed in a practical and unnoticeable manner: (1) We protect the predicted labels of nodes which we are not aimed for from being changed during attack. (2) We attack by introducing fake nodes into the original graph without changing existing links and features. (3) We attack with only partial information about the attacked graph, i.e., by leveraging the information of victim nodes along with their neighbors within k-hop instead of the whole graph. (4) We perform attack with a limited number of queries about the predicted scores of the model in a blackbox manner, i.e., without model architecture and parameters. Extensive experiments demonstrate the effectiveness of our method in terms of the success rate of attack. Department of Computer Science and Technology, Tsinghua University, China. Correspondence to: Zhengyi Wang <wangzy21@mails.tsinghua.edu.cn>. x x x

Shuhui Luo,Peilan Liu,Xulun Ye

DOI: https://doi.org/10.1371/journal.pone.0307146

IF: 3.7

2024-07-18

PLoS ONE

Abstract:As a widely studied model in the machine learning and data processing society, graph convolutional network reveals its advantage in non-grid data processing. However, existing graph convolutional networks generally assume that the node features can be fully observed. This may violate the fact that many real applications come with only the pairwise relationships and the corresponding node features are unavailable. In this paper, a novel graph convolutional network model based on Bayesian framework is proposed to handle the graph node classification task without relying on node features. First, we equip the graph node with the pseudo-features generated from the stochastic process. Then, a hidden space structure preservation term is proposed and embedded into the generation process to maintain the independent and identically distributed property between the training and testing dataset. Although the model inference is challenging, we derive an efficient training and predication algorithm using variational inference. Experiments on different datasets demonstrate the proposed graph convolutional networks can significantly outperform traditional methods, achieving an average performance improvement of 9%.