Abstract
Security system administrators need to be aware of the security risks and abnormal behaviors in a network system. Given the exploitation probability of each vulnerability, the cumulative probability of an attack path from an attacker to a target node can be quantified and calculated, which yields the K maximum probability attack paths for a target node. This paper proposes a design to compute the K maximum probability attack paths for a given set of target nodes. To reduce computation costs, available vulnerability sets are built for each node in the system and assigned to different access flags during the computation of attack paths. Experimental results show that the proposed design improves performance when computing the K maximum probability attack paths for a given set of target nodes, and that it is promising and more efficient than existing algorithms for generating attack paths.
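To make the quantity in the abstract concrete, the following added example (not the paper's algorithm, which relies on available vulnerability sets and access flags not detailed on this page) enumerates the K maximum probability attack paths to one target with a plain best-first search. The network, node names, vulnerability labels and probabilities are all constructed for illustration.

```python
import heapq
from itertools import count

# Constructed sample network: (source, destination) -> list of
# (vulnerability label, exploitation probability). All values are made up.
EDGES = {
    ("attacker", "web"): [("vuln-A", 0.8)],
    ("attacker", "mail"): [("vuln-B", 0.6)],
    ("web", "app"): [("vuln-C", 0.5), ("vuln-D", 0.9)],
    ("mail", "app"): [("vuln-E", 0.7)],
    ("app", "db"): [("vuln-F", 0.9)],
    ("web", "db"): [("vuln-G", 0.3)],
}

def k_max_probability_paths(edges, source, target, k):
    """Return up to k (probability, [(node, vuln), ...]) tuples, best first.

    The cumulative probability of a path is the product of the exploitation
    probabilities along it. Every factor is <= 1, so extending a path never
    raises its probability and a best-first search pops complete paths in
    non-increasing probability order.
    """
    adjacency = {}
    for (src, dst), vulns in edges.items():
        for vuln, prob in vulns:
            if not 0.0 < prob <= 1.0:
                raise ValueError(f"bad probability for {vuln}: {prob}")
            adjacency.setdefault(src, []).append((dst, vuln, prob))

    tie = count()  # unique tie-breaker so the heap never compares paths
    heap = [(-1.0, next(tie), source, ())]
    results = []
    while heap and len(results) < k:
        neg_prob, _, node, steps = heapq.heappop(heap)
        if node == target:
            results.append((-neg_prob, list(steps)))
            continue
        visited = {source} | {dst for dst, _ in steps}
        for dst, vuln, prob in adjacency.get(node, []):
            if dst not in visited:  # simple paths only, no revisited hosts
                entry = (neg_prob * prob, next(tie), dst, steps + ((dst, vuln),))
                heapq.heappush(heap, entry)
    return results

if __name__ == "__main__":
    for prob, steps in k_max_probability_paths(EDGES, "attacker", "db", 3):
        print(f"{prob:.3f}", " -> ".join(f"{n} [{v}]" for n, v in steps))
```

For a set of target nodes, the function can be called once per target; the paths it ranks highest are the ones whose vulnerabilities deserve patching first.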
Acknowledgements
The authors of this manuscript are grateful for the valuable comments provided by external reviewers and international experts for the improvement of the technical and organization sections.
Funding
This research was funded in part by the National Natural Science Foundation of China, Grant Numbers: 61672338, 51779136, 61873160 and 61373028.
Ethics declarations
Conflict of interest
The authors declare that they have no conflict of interest.
About this article
Cite this article
Bi, K., Han, D., Zhang, G. et al. K maximum probability attack paths generation algorithm for target nodes in networked systems. Int. J. Inf. Secur. 20, 535–551 (2021). https://doi.org/10.1007/s10207-020-00517-4
DOI: https://doi.org/10.1007/s10207-020-00517-4