Heuristic Network Security Risk Assessment Based on Attack Graph

  • Conference paper
  • In: Cloud Computing (CloudComp 2021)
  • 930 Accesses

Abstract

With the development of attack technology, attackers prefer to exploit multiple vulnerabilities through a combination of several attacks instead of simply using brute-force cracking and botnets. In addition, enterprises tend to adopt microservices architectures and multi-cloud environments to obtain high efficiency, high reliability and high scalability. This makes modeling attack scenarios and mapping the actions of potential adversaries an urgent and difficult task. Many improvements now make it possible to generate attack graphs for complex networks automatically. However, extracting enough effective information from such complex attack graphs is still an open problem. Traditional algorithms cannot always accomplish this task because attack graph inputs are variable and complex. In contrast, heuristic algorithms have the advantages of adaptability, self-learning ability, robustness and high efficiency. In this paper, we present heuristic algorithms for the analysis of attack graphs: a fusion of the particle swarm optimization (PSO) and grey wolf optimization (GWO) algorithms for finding the spanning arborescence of maximum weight, and an improved genetic simulated annealing (GA-SA) algorithm for finding the attack path with the biggest risk. We also present a method for node importance evaluation based on the interpretive structural modeling (ISM) method. We test our methods on a multi-cloud enterprise network, and the results show that our methods perform well.

Acknowledgement

This work is supported by the National Key R&D Program of China (Funding No. 2020YFB1805503); the 2020 Industrial Internet Innovation and Development Project from the Ministry of Industry and Information Technology of China; the Fundamental Research Fund for the Central Universities (30918012204, 30920041112); the Jiangsu Province Modern Education Technology Research Project (84365); the National Vocational Education Teacher Enterprise Practice Base “Integration of Industry and Education” Special Project (Study on Evaluation Standard of Artificial Intelligence Vocational Skilled Level); and the Scientific Research Project of Nanjing Vocational University of Industry Technology (2020SKYJ03).

Corresponding author

Correspondence to Qianmu Li.

Copyright information

© 2022 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Sun, W., Li, Q., Wang, P., Hou, J. (2022). Heuristic Network Security Risk Assessment Based on Attack Graph. In: Khosravi, M.R., He, Q., Dai, H. (eds) Cloud Computing. CloudComp 2021. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 430. Springer, Cham. https://doi.org/10.1007/978-3-030-99191-3_14

  • DOI: https://doi.org/10.1007/978-3-030-99191-3_14

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-99190-6

  • Online ISBN: 978-3-030-99191-3

  • eBook Packages: Computer Science (R0)
