Abstract
This paper proposes a multistage attack modeling technique based on the recursive composition algebra (\(RCA_{MA}\)). For a given vulnerable network configuration, the \(RCA_{MA}\) generates a recursive composition graph (RCG), which depicts all possible multistage attack scenarios. The prime advantage of the RCG is that it is free from cycles and therefore does not require computation-intensive cycle detection algorithms. Further, the canonical sets obtained from the RCG classify network vulnerabilities into five classes: (i) isolated, (ii) strict igniter (entry point), (iii) strict terminator (dead end), (iv) overlapping, and (v) mutually exclusive. These classes (logical inferences) provide better insight into the logical correlation among existing vulnerabilities in a given network and hence help in prioritizing vulnerability remediation activities accordingly. The efficacy and applicability of our proposition are validated by means of a case study.
Copyright information
© 2018 Springer Nature Switzerland AG
About this paper
Cite this paper
Bopche, G.S., Rai, G.N., Mehtre, B.M., Gangadharan, G.R. (2018). Modeling and Analyzing Multistage Attacks Using Recursive Composition Algebra. In: Ganapathy, V., Jaeger, T., Shyamasundar, R. (eds) Information Systems Security. ICISS 2018. Lecture Notes in Computer Science, vol 11281. Springer, Cham. https://doi.org/10.1007/978-3-030-05171-6_4
DOI: https://doi.org/10.1007/978-3-030-05171-6_4
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-05170-9
Online ISBN: 978-3-030-05171-6
eBook Packages: Computer Science, Computer Science (R0)