Mean Value Analysis of Critical Attack Paths with Multiple Parameters

  • Conference paper
Secure IT Systems (NordSec 2023)

Abstract

Graphical models such as attack trees and attack graphs provide promising approaches to represent and analyze complex cyber infrastructures. One common use of such models is to identify short attack paths or other types of critical attack paths. In this paper, we consider probabilistic attack graphs in which the attack steps are characterized by multiple parameters: the probability of success and the distribution of the time to perform the attack step. We propose low-complexity solutions to find sets of critical paths according to flexible mean value-based utility functions. We demonstrate that the results are similar to those from Monte Carlo simulations. Consequently, the utility function-based approach can substitute for time-consuming simulations and can be a valuable component of dynamic defense strategies.

Notes

  1. https://gitlab.com/gnebbia/mgg.

Acknowledgment

This work was supported by the Swedish Governmental Agency for Innovation Systems (Vinnova).

Author information

Corresponding author

Correspondence to Rajendra Shivaji Patil.

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

Cite this paper

Patil, R.S., Fodor, V., Ekstedt, M. (2024). Mean Value Analysis of Critical Attack Paths with Multiple Parameters. In: Fritsch, L., Hassan, I., Paintsil, E. (eds) Secure IT Systems. NordSec 2023. Lecture Notes in Computer Science, vol 14324. Springer, Cham. https://doi.org/10.1007/978-3-031-47748-5_8

  • DOI: https://doi.org/10.1007/978-3-031-47748-5_8

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-47747-8

  • Online ISBN: 978-3-031-47748-5

  • eBook Packages: Computer Science, Computer Science (R0)
