Modeling and Analyzing Multistage Attacks Using Recursive Composition Algebra

  • Conference paper
Part of the book series: Lecture Notes in Computer Science (LNSC, volume 11281)

Abstract

This paper proposes a multistage attack modeling technique based on the recursive composition algebra (\(RCA_{MA}\)). For a given vulnerable network configuration, the \(RCA_{MA}\) generates a recursive composition graph (RCG) that depicts all possible multistage attack scenarios. The prime advantage of the RCG is that it is free from cycles and therefore does not require computation-intensive cycle detection algorithms. Further, the canonical sets obtained from the RCG classify network vulnerabilities into five classes: (i) isolated, (ii) strict igniter (entry point), (iii) strict terminator (dead end), (iv) overlapping, and (v) mutually exclusive. These classes (logical inferences) provide better insight into the logical correlation among existing vulnerabilities in a given network and hence help in prioritizing vulnerability remediation activities accordingly. The efficacy and applicability of our proposition are validated by means of a case study.

Corresponding author

Correspondence to Ghanshyam S. Bopche.

Copyright information

© 2018 Springer Nature Switzerland AG

About this paper

Cite this paper

Bopche, G.S., Rai, G.N., Mehtre, B.M., Gangadharan, G.R. (2018). Modeling and Analyzing Multistage Attacks Using Recursive Composition Algebra. In: Ganapathy, V., Jaeger, T., Shyamasundar, R. (eds) Information Systems Security. ICISS 2018. Lecture Notes in Computer Science, vol 11281. Springer, Cham. https://doi.org/10.1007/978-3-030-05171-6_4

  • DOI: https://doi.org/10.1007/978-3-030-05171-6_4

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-05170-9

  • Online ISBN: 978-3-030-05171-6

  • eBook Packages: Computer Science, Computer Science (R0)
