Compressing Network Attack Surfaces for Practical Security Analysis

Title: Compressing Network Attack Surfaces for Practical Security Analysis
Publication Type: Conference Paper
Year of Publication: 2021
Authors: Everson, Douglas; Cheng, Long
Conference Name: 2021 IEEE Secure Development Conference (SecDev)
Keywords: anomaly detection, attack surface, banner grabbing, clustering, Clustering algorithms, Conferences, data structures, Manuals, Metrics, Network Attack Surface, pubcrawl, resilience, Resiliency, Scalability, security, Testing
Abstract: Testing or defending the security of a large network can be challenging because of the sheer number of potential ingress points that need to be investigated and evaluated for vulnerabilities. In short, manual security testing and analysis do not easily scale to large networks. While it has been shown that clustering can simplify the problem somewhat, the data structures and formats returned by the latest network mapping tools are not conducive to clustering algorithms. In this paper we introduce a hybrid similarity algorithm to compute the distance between two network services and then use those calculations to support a clustering algorithm designed to compress a large network attack surface by orders of magnitude. Doing so allows for new testing strategies that incorporate outlier detection and smart consolidation of test cases to improve accuracy and timeliness of testing. We conclude by presenting two case studies using an organization's network attack surface data to demonstrate the effectiveness of this approach.
DOI: 10.1109/SecDev51306.2021.00020
Citation Key: everson_compressing_2021