Skip to main content
Springer Nature Link
Log in

Automated Enrichment of Logical Attack Graphs via Formal Ontologies

  • Conference paper
  • First Online:
ICT Systems Security and Privacy Protection (SEC 2023)

Part of the book series: IFIP Advances in Information and Communication Technology ((IFIPAICT,volume 679))

  • 307 Accesses

Abstract

Attack graphs represent the possible actions of adversaries to attack a system. Cybersecurity experts use them to make decisions concerning remediation and recovery plans. There are different attack graph-building approaches. We focus on logical attack graphs. Networks and vulnerabilities constantly change; we propose an attack graph enrichment approach based on semantic augmentation post-processing of the logic predicates. Mapping attack graphs with alerts from a monitored system allows for confirming successful attack actions and updating according to network and vulnerability changes. The predicates get periodically updated based on attack evidence and ontology knowledge, allowing us to verify whether changes lead the attacker to the initial goals or cause further damage to the system not anticipated in the initial graphs. We illustrate our approach using a specific cyber-physical scenario affecting smart cities.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    An early version of this work is available in Ref. [12].

  2. 2.

    https://github.com/usnistgov/vulntology.

  3. 3.

    https://www.prelude-siem.com/en/oss-version/.

  4. 4.

    https://www.tenable.com/products/nessus/nessus-essentials.

  5. 5.

    https://github.com/Kekere/prelude-elk.

  6. 6.

    https://github.com/Kekere/prelude-elk.

  7. 7.

    https://suricata.io/.

  8. 8.

    https://www.rsyslog.com/windows-agent/.

References

  1. Aguessy, F.-X., Bettan, O., Blanc, G., Conan, V., Debar, H.: Hybrid risk assessment model based on Bayesian networks. In: Ogawa, K., Yoshioka, K. (eds.) IWSEC 2016. LNCS, vol. 9836, pp. 21–40. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-44524-3_2

    Chapter  Google Scholar 

  2. Falodiya, K., Das, M.L.: Security vulnerability analysis using ontology-based attack graphs. In: 2017 14th IEEE India Council International Conference, INDICON 2017, pp. 1–5 (2018)

    Google Scholar 

  3. Ghosh, N., Ghosh, S.: A planner-based approach to generate and analyze minimal attack graph. Appl. Intell. 36(2), 369–390 (2012)

    Article  Google Scholar 

  4. Gonzalez, D., Hastings, H., Mirakhorli, M.: Automated characterization of software vulnerabilities. In: 2019 IEEE International Conference on Software Maintenance and Evolution (ICSME), pp. 135–139. IEEE (2019)

    Google Scholar 

  5. Hu, Q., Asghar, M.R., Brownlee, N.: Measuring IPv6 DNS reconnaissance attacks and preventing them using DNS guard. In: 2018 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 350–361. IEEE (2018)

    Google Scholar 

  6. Kaiser, F.K., Andris, L.J., Tennig, T.F., Iser, J.M., Wiens, M., Schultmann, F.: Cyber threat intelligence enabled automated attack incident response. In: 2022 3rd International Conference on Next Generation Computing Applications (NextComp), pp. 1–6. IEEE (2022)

    Google Scholar 

  7. Lee, J., Moon, D., Kim, I., Lee, Y.: A semantic approach to improving machine readability of a large-scale attack graph. J. Supercomput. 75(6), 3028–3045 (2019)

    Article  Google Scholar 

  8. Ou, X., Boyer, W.F., McQueen, M.A.: A scalable approach to attack graph generation. In: Proceedings of the 13th ACM Conference on Computer and Communications Security, pp. 336–345 (2006)

    Google Scholar 

  9. Xinming, O., Govindavajhala, S., Appel, A.W.: MulVAL: a logic-based network security analyzer. In: USENIX Security Symposium, Baltimore, MD, vol. 8, pp. 113–128 (2005)

    Google Scholar 

  10. Roschke, S., Cheng, F., Meinel, C.: Using vulnerability information and attack graphs for intrusion detection. In: 2010 6th International Conference on Information Assurance and Security, IAS 2010, pp. 68–73 (2010)

    Google Scholar 

  11. Roschke, S., Cheng, F., Schuppenies, R., Meinel, C.: Towards unifying vulnerability information for attack graph construction. In: Samarati, P., Yung, M., Martinelli, F., Ardagna, C.A. (eds.) ISC 2009. LNCS, vol. 5735, pp. 218–233. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-04474-8_18

    Chapter  Google Scholar 

  12. Saint-Hilaire, K., Cuppens, F., Cuppens, N., Garcia-Alfaro, J.: Ontology-based attack graph enrichment. In: 2021 TIEMS (The International Emergency Management Society) Annual Conference, Paris, France (2021). https://arxiv.org/abs/2202.04016

  13. Stan, O., et al.: Heuristic approach for countermeasure selection using attack graphs. In: 2021 IEEE 34th Computer Security Foundations Symposium (CSF), pp. 1–16 (2021)

    Google Scholar 

Download references

Acknowledgements

We acknowledge financial support from the European Commission (H2020 IMPETUS project, under grant agreement 883286) and the Chair CRITiCAL, funded by MITACS (Canada).

Author information

Authors and Affiliations

  1. SAMOVAR, Télécom SudParis, Institut Polytechnique de Paris, Palaiseau, France

    Kéren Saint-Hilaire & Joaquin Garcia-Alfaro

  2. Polytechnique Montréal, Montréal, Canada

    Frédéric Cuppens & Nora Cuppens

  3. Chair CRITiCAL, MITACS, Montréal, Canada

    Kéren Saint-Hilaire, Frédéric Cuppens & Nora Cuppens

Authors
  1. Kéren Saint-Hilaire
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Frédéric Cuppens
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Nora Cuppens
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Joaquin Garcia-Alfaro
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Joaquin Garcia-Alfaro .

Editor information

Editors and Affiliations

  1. Poznan Supercomputing and Networking Center, Poznań, Poland

    Norbert Meyer

  2. Poznań University of Technology, Poznań, Poland

    Anna Grocholewska-Czuryło

Rights and permissions

Reprints and permissions

Copyright information

© 2024 IFIP International Federation for Information Processing

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Saint-Hilaire, K., Cuppens, F., Cuppens, N., Garcia-Alfaro, J. (2024). Automated Enrichment of Logical Attack Graphs via Formal Ontologies. In: Meyer, N., Grocholewska-Czuryło, A. (eds) ICT Systems Security and Privacy Protection. SEC 2023. IFIP Advances in Information and Communication Technology, vol 679. Springer, Cham. https://doi.org/10.1007/978-3-031-56326-3_5

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-56326-3_5

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-56325-6

  • Online ISBN: 978-3-031-56326-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Societies and partnerships