Skip to main content
Springer Nature Link
Log in

Network Vulnerability Analysis Using a Constrained Graph Data Model

  • Conference paper
  • First Online:
Information Systems Security (ICISS 2016)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 10063))

Included in the following conference series:

Abstract

Attack Graphs have been widely used by the network security administrators to gain an understanding of possible attack paths, an attacker may follow to compromise critical resources. As networks get larger and more complex, one needs to use databases to perform iterative, interactive analysis tasks with attack graphs. In this paper we investigate how property graph based graph databases like Neo4j can be effectively used towards this application. We show that extending the standard property graph model with a constraint specification mechanism aids attack graph modeling and interactive analytics. We briefly sketch a preliminary attempt to implement a constraint layer over Neo4j and show how attack graph generation and analysis can be performed faithfully in Neo4j using the extended model.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Asterixdb. https://asterixdb.ics.uci.edu/. Accessed 30 July 2016

  2. Cypher query language. https://neo4j.com/developer/cypher-query-language/. Accessed 30 July 2016

  3. Neo4j graph database. https://neo4j.com/. Accessed 30 July 2016

  4. Property graph model. https://github.com/tinkerpop/blueprints/wiki/Property-Graph-Model. Accessed 30 July 2016

  5. Ammann, P., Wijesekera, D., Kaushik, S.: Scalable, graph-based network vulnerability analysis. In: Proceedings of the 9th ACM Conference on Computer and Communications Security, CCS 2002, New York, pp. 217–224. ACM (2002)

    Google Scholar 

  6. Barceló, P., Libkin, L., Lin, A.W., Wood, P.T.: Expressive languages for path queries over graph-structured data. ACM Trans. Database Syst. (TODS) 37(4), 31 (2012)

    Article  Google Scholar 

  7. Barik, M.S., Mazumdar, C.: A graph data model for attack graph generation and analysis. In: Martínez Pérez, G., Thampi, S.M., Ko, R., Shu, L. (eds.) SNDS 2014. CCIS, vol. 420, pp. 239–250. Springer, Heidelberg (2014). doi:10.1007/978-3-642-54525-2_22

    Chapter  Google Scholar 

  8. Dacier, M., Deswarte, Y.: Privilege graph: an extension to the typed access matrix model. In: Gollmann, D. (ed.) ESORICS 1994. LNCS, vol. 875, pp. 319–334. Springer, Heidelberg (1994). doi:10.1007/3-540-58618-0_72

    Chapter  Google Scholar 

  9. Ingols, K., Chu, M., Lippmann, R., Webster, S., Boyer, S.: Modeling modern network attacks and countermeasures using attack graphs. In: Computer Security Applications Conference, ACSAC 2009, Annual, pp. 117–126, December 2009

    Google Scholar 

  10. Ingols, K., Lippmann, R., Piwowarski, K.: Practical attack graph generation for network defense. In: ACSAC 2006: Proceedings of the 22nd Annual Computer Security Applications Conference, Washington, DC, USA, pp. 121–130. IEEE Computer Society (2006)

    Google Scholar 

  11. Jajodia, S., Noel, S., Berry, B.: Topological analysis of network attack vulnerability. In: Kumar, V., Srivastava, J., Lazarevic, A. (eds.) Managing Cyber Threats, pp. 247–266. Springer, New York (2005)

    Chapter  Google Scholar 

  12. Jha, S., Sheyner, O., Wing, J.: Two formal analysis of attack graphs. In: CSFW 2002: Proceedings of the 15th IEEE Workshop on Computer Security Foundations, Washington, DC, USA, p. 49. IEEE Computer Society (2002)

    Google Scholar 

  13. Lippmann, R., Ingols, K., Scott, C., Piwowarski, K., Kratkiewicz, K., Artz, M., Cunningham, R.: Validating and restoring defense in depth using attack graphs. In: Proceedings of the 2006 IEEE Conference on Military Communications, MILCOM 2006, Piscataway, NJ, USA, pp. 981–990. IEEE Press (2006)

    Google Scholar 

  14. Liu, C., Singhal, A., Wijesekera, D.: Using attack graphs in forensic examinations. In: 2012 Seventh International Conference on Availability, Reliability and Security (ARES), pp. 596–603, August 2012

    Google Scholar 

  15. Noel, S., Harley, E., Tam, K.H., Gyor, G.: Big-data architecture for cyber attack graphs: representing security relationships in nosql graph databases. In: 2015 IEEE International Symposium on Technologies for Homeland Security (HST), April 2015

    Google Scholar 

  16. Noel, S., Jajodia, S.: Metrics suite for network attack graph analytics. In: Proceedings of the 9th Annual Cyber and Information Security Research Conference, CISR 2014, New York, NY, USA, pp. 5–8. ACM (2014)

    Google Scholar 

  17. Noel, S., Robertson, E., Jajodia, S.: Correlating intrusion events, building attack scenarios through attack graph distances. In: ACSAC 2004: Proceedings of the 20th Annual Computer Security Applications Conference, Washington, DC, USA, pp. 350–359. IEEE Computer Society (2004)

    Google Scholar 

  18. Ou, X., Boyer, W.F., McQueen, M.A.: A scalable approach to attack graph generation. In: CCS 2006: Proceedings of the 13th ACM Conference on Computer and Communications Security, New York, NY, USA, pp. 336–345. ACM (2006)

    Google Scholar 

  19. Pamula, J., Jajodia, S., Ammann, P., Swarup, V.: A weakest-adversary security metric for network configuration security analysis. In: QoP 2006: Proceedings of the 2nd ACM Workshop on Quality of Protection, New York, NY, USA, pp. 31–38. ACM (2006)

    Google Scholar 

  20. Phillips, C., Swiler, L.P.: A graph-based system for network-vulnerability analysis. In: NSPW 1998: Proceedings of the 1998 Workshop on New Security Paradigms, New York, NY, USA, pp. 71–79. ACM (1998)

    Google Scholar 

  21. Ritchey, R.W., Ammann, P.: Using model checking to analyze network vulnerabilities. In: SP 2000: Proceedings of the 2000 IEEE Symposium on Security and Privacy, Washington, DC, USA, p. 156. IEEE Computer Society (2000)

    Google Scholar 

  22. Schneier, B.: Secrets & Lies: Digital Security in a Networked World, 1st edn. John Wiley & Sons Inc., New York (2000)

    Google Scholar 

  23. Sheyner, O., Haines, J., Jha, S., Lippmann, R., Wing, J.M.: Automated generation, analysis of attack graphs. In: SP 2002: Proceedings of the 2002 IEEE Symposium on Security and Privacy, Washington, DC, USA, p. 273. IEEE Computer Society (2002)

    Google Scholar 

  24. Thalheim, B.: Extended entity-relationship model. In: Liu, L., Tamer Özsu, M. (eds.) Encyclopedia of Database Systems, pp. 1083–1091. Springer, New York (2009)

    Google Scholar 

  25. Wang, L., Islam, T., Long, T., Singhal, A., Jajodia, S.: An attack graph-based probabilistic security metric. In: Proceeedings of the 22nd Annual IFIP WG 11.3 Working Conference on Data and Applications Security, pp. 283–296, Springer, Heidelberg (2008)

    Google Scholar 

  26. Wang, L., Jajodia, S., Singhal, A., Cheng, P., Noel, S.: k-zero day safety: a network security metric for measuring the risk of unknown vulnerabilities. IEEE Trans. Dependable Secure Comput. 11(1), 30–44 (2014)

    Article  Google Scholar 

  27. Wang, L., Liu, A., Jajodia, S.: Using attack graphs for correlating, hypothesizing, and predicting intrusion alerts. Comput. Commun. 29(15), 2917–2933 (2006)

    Article  Google Scholar 

  28. Wang, L., Noel, S., Jajodia, S.: Minimum-cost network hardening using attack graphs. Comput. Commun. 29(18), 3812–3824 (2006)

    Article  Google Scholar 

  29. Wang, L., Yao, C., Singhal, A., Jajodia, S.: Interactive analysis of attack graphs using relational queries. In: Damiani, E., Liu, P. (eds.) DBSec 2006. LNCS, vol. 4127, pp. 119–132. Springer, Heidelberg (2006). doi:10.1007/11805588_9

    Chapter  Google Scholar 

  30. Wang, L., Yao, C., Singhal, A., Jajodia, S.: Implementing interactive analysis of attack graphs using relational databases. J. Comput. Secur. 16(4), 419–437 (2008)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Jadavpur University, Kolkata, India

    Mridul Sankar Barik & Chandan Mazumdar

  2. University of California San Diego, La Jolla, USA

    Amarnath Gupta

Authors
  1. Mridul Sankar Barik
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Chandan Mazumdar
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Amarnath Gupta
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Mridul Sankar Barik .

Editor information

Editors and Affiliations

  1. Colorado State University, Fort Collins, Colorado, USA

    Indrajit Ray

  2. Malaviya National Institute of Technology, Jaipur, India

    Manoj Singh Gaur

  3. University of Padua, Padua, Italy

    Mauro Conti

  4. IIIT Delhi, Delhi, India

    Dheeraj Sanghi

  5. IIT Madras, Madras, India

    V. Kamakoti

Rights and permissions

Reprints and permissions

Copyright information

© 2016 Springer International Publishing AG

About this paper

Cite this paper

Barik, M.S., Mazumdar, C., Gupta, A. (2016). Network Vulnerability Analysis Using a Constrained Graph Data Model. In: Ray, I., Gaur, M., Conti, M., Sanghi, D., Kamakoti, V. (eds) Information Systems Security. ICISS 2016. Lecture Notes in Computer Science(), vol 10063. Springer, Cham. https://doi.org/10.1007/978-3-319-49806-5_14

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-49806-5_14

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-49805-8

  • Online ISBN: 978-3-319-49806-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics