A Graph-Based Impact Metric for Mitigating Lateral Movement Cyber Attacks
| Field | Value |
|---|---|
| Title | A Graph-Based Impact Metric for Mitigating Lateral Movement Cyber Attacks |
| Publication Type | Conference Paper |
| Year of Publication | 2016 |
| Authors | Purvine, Emilie; Johnson, John R.; Lo, Chaomei |
| Conference Name | Proceedings of the 2016 ACM Workshop on Automated Decision Making for Active Cyber Defense |
| Publisher | ACM |
| Conference Location | New York, NY, USA |
| ISBN Number | 978-1-4503-4566-8 |
| Keywords | Attack Graphs, Big Data, big data security, big data security metrics, comparability, Computing Theory, control theory, cyber security, Dynamical Systems, graph, impact metric, Metrics, pubcrawl, Resiliency, security, security metrics, signature based defense |
| Abstract | Most cyber network attacks begin with an adversary gaining a foothold within the network and proceed with lateral movement until a desired goal is achieved. The mechanism by which lateral movement occurs varies, but the basic signature of hopping between hosts by exploiting vulnerabilities is the same. Because of the nature of the vulnerabilities typically exploited, lateral movement is very difficult to detect and defend against. In this paper we define a dynamic reachability graph model of the network to discover possible paths that an adversary could take using different vulnerabilities, and how those paths evolve over time. We use this reachability graph to develop dynamic machine-level and network-level impact scores. Lateral movement mitigation strategies that make use of our impact scores are also discussed, and we detail an example using a freely available data set. |
| URL | http://doi.acm.org/10.1145/2994475.2994476 |
| DOI | 10.1145/2994475.2994476 |
| Citation Key | purvine_graph-based_2016 |