Abstract
Threat models and attack graphs have been used for more than 20 years by enterprises and organizations to map the actions of potential adversaries, analyze the effects of vulnerabilities and visualize attack scenarios. Although efficient for describing high-level interactions in simpler enterprise networks, they fall short in modern decentralized systems, especially in microservices architectures and multi-cloud environments with increased complexity and interactions. Most current research focuses on automatically generating attack graphs for such complex environments and deals with scaling and mapping issues, while neglecting the overall complexity of actually analyzing and extracting useful information from these overly convoluted models. In this paper, we present a method for automatically analyzing complex attack graphs in both microservices-based and multi-cloud infrastructures. We piggyback on previous research to automatically create complex attack graphs for such enterprise networks and use them as input to relate microservices, virtual system states and cloud services (represented as graph nodes) with prioritization algorithms that use mathematical graph series and group clustering. Our tool prioritizes existing vulnerabilities, analyzes the effect of system states on the overall network and proposes which system states, vulnerabilities and configurations pose the biggest overall risk to the ecosystem, while taking into consideration every potential sub-attack path and subliminal path on an attack graph. We test the efficiency of our software on two real-world use cases: one multi-cloud enterprise network and a NetflixOSS microservices Docker architecture.
Ethics declarations
Conflict of interest
None of the authors have received any research grants. None of the authors have received a speaker honorarium from any company. All authors declare that none of them has any conflict of interest.
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Appendix 1: NetflixOSS CVE and edge derivations
Edge ID | Vulnerability | Risk | Source Node | Target Node | Edge ID | Vulnerability | Risk | Source Node | Target Node |
---|---|---|---|---|---|---|---|---|---|
E1 | CVE-2005-2541 | 10 | S15 | S1 | E48 | CVE-2017-1000116 | 10 | S13 | S12 |
E2 | CVE-2005-2541 | 10 | S14 | S1 | E49 | CVE-2017-1000116 | 10 | S11 | S12 |
E3 | CVE-2005-2541 | 10 | S13 | S1 | E50 | CVE-2017-1000116 | 10 | S10 | S12 |
E4 | CVE-2005-2541 | 10 | S12 | S1 | E51 | CVE-2017-1000116 | 10 | S4 | S12 |
E5 | CVE-2005-2541 | 10 | S11 | S1 | E52 | CVE-2017-1000116 | 10 | S3 | S12 |
E6 | CVE-2005-2541 | 10 | S10 | S1 | E53 | CVE-2017-7376 | 10 | S17 | S13 |
E7 | CVE-2005-2541 | 10 | S2 | S1 | E54 | CVE-2017-7376 | 10 | S16 | S13 |
E8 | CVE-2017-7376 | 10 | S15 | S2 | E55 | CVE-2017-7376 | 10 | S15 | S13 |
E9 | CVE-2017-7376 | 10 | S14 | S2 | E56 | CVE-2017-7376 | 10 | S14 | S13 |
E10 | CVE-2017-7376 | 10 | S13 | S2 | E57 | CVE-2017-7376 | 10 | S11 | S13 |
E11 | CVE-2017-7376 | 10 | S12 | S2 | E58 | CVE-2017-7376 | 10 | S10 | S13 |
E12 | CVE-2017-7376 | 10 | S11 | S2 | E59 | CVE-2017-7376 | 10 | S4 | S13 |
E13 | CVE-2017-7376 | 10 | S10 | S2 | E60 | CVE-2017-7376 | 10 | S3 | S13 |
E14 | CVE-2005-2541 | 10 | S21 | S3 | E61 | CVE-2017-13090 | 9.3 | S15 | S14 |
E15 | CVE-2005-2541 | 10 | S20 | S3 | E62 | CVE-2017-13090 | 9.3 | S11 | S14 |
E16 | CVE-2005-2541 | 10 | S11 | S3 | E63 | CVE-2017-13090 | 9.3 | S10 | S14 |
E17 | CVE-2005-2541 | 10 | S4 | S3 | E64 | CVE-2017-13090 | 9.3 | S4 | S14 |
E18 | CVE-2017-7376 | 10 | S21 | S4 | E65 | CVE-2017-13090 | 9.3 | S3 | S14 |
E19 | CVE-2017-7376 | 10 | S20 | S4 | E66 | CVE-2009-2347 | 9.3 | S11 | S15 |
E20 | CVE-2017-16997 | 9.3 | S19 | S5 | E67 | CVE-2009-2347 | 9.3 | S10 | S15 |
E21 | CVE-2017-16997 | 9.3 | S18 | S5 | E68 | CVE-2009-2347 | 9.3 | S4 | S15 |
E22 | CVE-2017-16997 | 9.3 | S6 | S5 | E69 | CVE-2009-2347 | 9.3 | S3 | S15 |
E23 | CVE-2017-16997 | 9.3 | S6 | S5 | E70 | CVE-2017-1000116 | 10 | S17 | S16 |
E24 | CVE-2019-3855 | 9.3 | S19 | S6 | E71 | CVE-2017-1000116 | 10 | S15 | S16 |
E25 | CVE-2019-3855 | 9.3 | S18 | S6 | E72 | CVE-2017-1000116 | 10 | S14 | S16 |
E26 | CVE-2016-2842 | 10 | S15 | S8 | E73 | CVE-2017-1000116 | 10 | S11 | S16 |
E27 | CVE-2016-2842 | 10 | S14 | S8 | E74 | CVE-2017-1000116 | 10 | S10 | S16 |
E28 | CVE-2016-2842 | 10 | S13 | S8 | E75 | CVE-2017-1000116 | 10 | S4 | S16 |
E29 | CVE-2016-2842 | 10 | S12 | S8 | E76 | CVE-2017-1000116 | 10 | S3 | S16 |
E30 | CVE-2016-2842 | 10 | S11 | S8 | E77 | CVE-2017-7376 | 10 | S15 | S17 |
E31 | CVE-2016-2842 | 10 | S10 | S8 | E78 | CVE-2017-7376 | 10 | S14 | S17 |
E32 | CVE-2016-2842 | 10 | S9 | S8 | E79 | CVE-2017-7376 | 10 | S11 | S17 |
E33 | CVE-2016-2108 | 10 | S15 | S9 | E80 | CVE-2017-7376 | 10 | S10 | S17 |
E34 | CVE-2016-2108 | 10 | S14 | S9 | E81 | CVE-2017-7376 | 10 | S4 | S17 |
E35 | CVE-2016-2108 | 10 | S13 | S9 | E82 | CVE-2017-7376 | 10 | S3 | S17 |
E36 | CVE-2016-2108 | 10 | S12 | S9 | E83 | CVE-2017-13090 | 9.3 | S19 | S18 |
E37 | CVE-2016-2108 | 10 | S11 | S9 | E84 | CVE-2017-13090 | 9.3 | S17 | S18 |
E38 | CVE-2016-2108 | 10 | S10 | S9 | E85 | CVE-2017-13090 | 9.3 | S16 | S18 |
E39 | CVE-2017-1000116 | 10 | S11 | S10 | E86 | CVE-2017-13090 | 9.3 | S9 | S18 |
E40 | CVE-2017-1000116 | 10 | S4 | S10 | E87 | CVE-2017-13090 | 9.3 | S8 | S18 |
E41 | CVE-2017-1000116 | 10 | S3 | S10 | E88 | CVE-2011-2895 | 9.3 | S17 | S19 |
E42 | CVE-2017-7376 | 10 | S4 | S11 | E89 | CVE-2011-2895 | 9.3 | S16 | S19 |
E43 | CVE-2017-7376 | 10 | S3 | S11 | E90 | CVE-2017-7376 | 10 | S9 | S19 |
E44 | CVE-2017-1000116 | 10 | S17 | S12 | E91 | CVE-2011-2895 | 9.3 | S8 | S19 |
E45 | CVE-2017-1000116 | 10 | S16 | S12 | E92 | CVE-2017-1000116 | 10 | S21 | S20 |
E46 | CVE-2017-1000116 | 10 | S15 | S12 | E93 | CVE-2017-13090 | 9.3 | S22 | S20 |
E47 | CVE-2017-1000116 | 10 | S14 | S12 | E94 | CVE-2017-7376 | 10 | S22 | S21 |
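The table above gives, for every edge, the system state an attacker must hold, the state reached, the CVE that enables the transition and its risk score. As an added illustration (this is not the authors' tool and not code from the paper), the Python below loads a small subset of those Appendix 1 rows into a directed graph, enumerates every loop-free sub-attack path between two states, and ranks states and CVEs by how many of those paths disappear when the state is hardened or the CVE is patched. The path-count criticality and the "product of risk/10" path score are simple criteria chosen here for illustration; they are assumptions, not the prioritization algorithms the paper describes. The subset of edges is a constructed selection, with risk values taken as listed in the table.

```python
"""Prioritising states and CVEs in an attack graph built from Appendix 1 rows.

Added example, not the authors' tool. Each edge is
(edge id, CVE, risk, source state, target state): an attacker who holds the
source state can reach the target state through that CVE. The scoring below
(simple attack paths lost when a state is hardened or a CVE is patched) is an
illustrative criterion, not the paper's own prioritisation algorithm.
"""
from collections import defaultdict
from typing import Dict, List, Set, Tuple

Edge = Tuple[str, str, float, str, str]
Graph = Dict[str, List[Tuple[str, str, float]]]

# Constructed subset of Appendix 1 rows (risk values as listed there).
EDGES: List[Edge] = [
    ("E7",  "CVE-2005-2541",  10.0, "S2",  "S1"),
    ("E8",  "CVE-2017-7376",  10.0, "S15", "S2"),
    ("E9",  "CVE-2017-7376",  10.0, "S14", "S2"),
    ("E16", "CVE-2005-2541",  10.0, "S11", "S3"),
    ("E17", "CVE-2005-2541",  10.0, "S4",  "S3"),
    ("E42", "CVE-2017-7376",  10.0, "S4",  "S11"),
    ("E43", "CVE-2017-7376",  10.0, "S3",  "S11"),
    ("E61", "CVE-2017-13090",  9.3, "S15", "S14"),
    ("E62", "CVE-2017-13090",  9.3, "S11", "S14"),
    ("E66", "CVE-2009-2347",   9.3, "S11", "S15"),
]


def build_graph(edges: List[Edge]) -> Graph:
    """Adjacency list: source state -> [(target state, CVE, risk), ...]."""
    graph: Graph = defaultdict(list)
    for _, cve, risk, src, dst in edges:
        graph[src].append((dst, cve, risk))
        graph.setdefault(dst, [])  # sinks appear as keys too
    return graph


def simple_paths(graph: Graph, source: str, target: str) -> List[List[str]]:
    """All loop-free attack paths from source to target (DFS).
    The `seen` set is what stops cycles such as S3 -> S11 -> S3 from
    producing endless walks."""
    paths: List[List[str]] = []

    def walk(node: str, trail: List[str], seen: Set[str]) -> None:
        if node == target:
            paths.append(trail[:])
            return
        for nxt, _, _ in graph.get(node, []):
            if nxt not in seen:
                seen.add(nxt)
                trail.append(nxt)
                walk(nxt, trail, seen)
                trail.pop()
                seen.remove(nxt)

    walk(source, [source], {source})
    return paths


def path_risk(graph: Graph, path: List[str]) -> float:
    """Assumed likelihood-like score in [0, 1]: product of (risk / 10) over
    the path's edges; with parallel edges the highest-risk one is used."""
    score = 1.0
    for a, b in zip(path, path[1:]):
        score *= max(r for dst, _, r in graph[a] if dst == b) / 10.0
    return score


def state_criticality(edges: List[Edge], source: str, target: str) -> Dict[str, int]:
    """Paths from source to target that vanish when a state is hardened,
    i.e. removed together with all of its edges."""
    base = len(simple_paths(build_graph(edges), source, target))
    states = {s for _, _, _, a, b in edges for s in (a, b)} - {source, target}
    result: Dict[str, int] = {}
    for s in sorted(states):
        kept = [e for e in edges if s not in (e[3], e[4])]
        result[s] = base - len(simple_paths(build_graph(kept), source, target))
    return result


def cve_criticality(edges: List[Edge], source: str, target: str) -> Dict[str, int]:
    """Paths that vanish when every edge depending on a CVE is patched away."""
    base = len(simple_paths(build_graph(edges), source, target))
    result: Dict[str, int] = {}
    for cve in sorted({e[1] for e in edges}):
        kept = [e for e in edges if e[1] != cve]
        result[cve] = base - len(simple_paths(build_graph(kept), source, target))
    return result


if __name__ == "__main__":
    g = build_graph(EDGES)
    paths = simple_paths(g, "S4", "S1")
    print(f"{len(paths)} simple attack paths from S4 to S1")
    for p in sorted(paths, key=lambda p: -path_risk(g, p)):
        print(f"  risk={path_risk(g, p):.4f}  " + " -> ".join(p))
    print("state criticality:", state_criticality(EDGES, "S4", "S1"))
    print("CVE criticality:  ", cve_criticality(EDGES, "S4", "S1"))
```

On this subset, S2 and S11 are the states whose hardening cuts every path from S4 to S1, and patching either CVE-2005-2541 or CVE-2017-7376 has the same effect, while CVE-2017-13090 and CVE-2009-2347 each remove only the paths that pass through S14 or S15 respectively. On the full 94-edge table the same functions apply unchanged, though exhaustive simple-path enumeration grows quickly with graph size, which is exactly the scaling concern the abstract raises.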
Cite this article
Stergiopoulos, G., Dedousis, P. & Gritzalis, D. Automatic analysis of attack graphs for risk mitigation and prioritization on large-scale and complex networks in Industry 4.0. Int. J. Inf. Secur. 21, 37–59 (2022). https://doi.org/10.1007/s10207-020-00533-4