DOI: 10.1145/3321705.3329853
short-paper

Design Procedure of Knowledge Base for Practical Attack Graph Generation

Published: 02 July 2019

Abstract

Cyber security assessment is an essential activity for understanding the security risks in an enterprise environment. Although many tools have been developed to evaluate the security risks of individual hosts, identifying multi-hop cyber security risks in a large-scale environment remains a challenge. An attack graph, which provides a comprehensive view of possible attacks, helps to identify high-risk attack paths and to deploy countermeasures efficiently. Several frameworks that generate an attack graph from system information and a knowledge base have also been developed in the past. Although these tools are widely adopted, their expressive capabilities are insufficient, and the knowledge base must be expanded to handle comprehensive attack scenarios. In this research, we developed an attack graph generation system by extending the MulVAL framework, which is widely adopted because of its high extensibility. We designed and implemented a knowledge base (known as "interaction rules" in the MulVAL framework) for practical attack graph generation. A structured design procedure is necessary to construct a knowledge base that enables comprehensive analysis, which is highly important for actual risk assessment. We describe the design procedure, design considerations and implementation of our rule set. Additionally, in a case study we demonstrate the improvement to the generated attack graph produced by the implemented rules.



Published In

Asia CCS '19: Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security
July 2019
708 pages
ISBN:9781450367523
DOI:10.1145/3321705
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. attack graph
  2. design procedure
  3. knowledge base
  4. risk assessment

Qualifiers

  • Short-paper

Conference

Asia CCS '19

Acceptance Rates

Overall Acceptance Rate 418 of 2,322 submissions, 18%

Article Metrics

  • Downloads (last 12 months): 60
  • Downloads (last 6 weeks): 11
Reflects downloads up to 13 Jan 2025.

Cited By
  • (2024) GENICS: A Framework for Generating Attack Scenarios for Cybersecurity Exercises on Industrial Control Systems. Applied Sciences 14(2):768. DOI 10.3390/app14020768. Online publication date: 16 Jan 2024.
  • (2024) T-Trace: Constructing the APTs Provenance Graphs Through Multiple Syslogs Correlation. IEEE Transactions on Dependable and Secure Computing 21(3):1179-1195. DOI 10.1109/TDSC.2023.3273918. Online publication date: May 2024.
  • (2024) Graphene: Towards Data-driven Holistic Security Posture Analysis using AI-generated Attack Graphs. 2024 IEEE 10th International Conference on Collaboration and Internet Computing (CIC), pp. 9-18. DOI 10.1109/CIC62241.2024.00012. Online publication date: 28 Oct 2024.
  • (2023) Evaluating the Cybersecurity Risk of Real-world, Machine Learning Production Systems. ACM Computing Surveys 55(9):1-36. DOI 10.1145/3559104. Online publication date: 16 Jan 2023.
  • (2023) Why Cyber Threat Modeling Needs Human Factors Expansion: A Position Paper. 2023 3rd Intelligent Cybersecurity Conference (ICSC), pp. 110-118. DOI 10.1109/ICSC60084.2023.10349982. Online publication date: 23 Oct 2023.
  • (2023) A Survey of MulVAL Extensions and Their Attack Scenarios Coverage. IEEE Access 11:27974-27991. DOI 10.1109/ACCESS.2023.3257721. Online publication date: 2023.
  • (2023) Attack graph analysis. Computers and Security 126(C). DOI 10.1016/j.cose.2022.103081. Online publication date: 1 Mar 2023.
  • (2022) Extending Attack Graphs to Represent Cyber-Attacks in Communication Protocols and Modern IT Networks. IEEE Transactions on Dependable and Secure Computing 19(3):1936-1954. DOI 10.1109/TDSC.2020.3041999. Online publication date: 1 May 2022.
  • (2022) Identification of Attack Paths Using Kill Chain and Attack Graphs. NOMS 2022 IEEE/IFIP Network Operations and Management Symposium, pp. 1-6. DOI 10.1109/NOMS54207.2022.9789803. Online publication date: 25 Apr 2022.
  • (2022) Integrative KnowGen: Integrative Knowledge Base Generation for Criminology as a Domain of Choice. Digital Technologies and Applications, pp. 475-484. DOI 10.1007/978-3-031-02447-4_49. Online publication date: 6 May 2022.