Biblio

Selecting the optimal set of countermeasures to secure a network is a challenging task, since it involves various considerations and trade-offs, such as prioritizing the risks to mitigate given the mitigation costs. Previously suggested approaches are based on limited and largely manual risk assessment procedures, provide recommendations for a specific event, or don't consider the organization's constraints (e.g., limited budget). In this paper, we present an improved attack graph-based risk assessment process and apply heuristic search to select an optimal countermeasure plan for a given network and budget. The risk assessment process represents the risk in the system in such a way that incorporates the quantitative risk factors and relevant countermeasures; this allows us to assess the risk in the system under different countermeasure plans during the search, without the need to regenerate the attack graph. We also provide a detailed description of countermeasure modeling and discuss how the countermeasures can be automatically matched to the security issues discovered in the network.

Probabilistic security metrics estimate the vulnerability of a network in terms of the likelihood of an attacker reaching the goal states (of a network) by exploiting the attack graph paths. The probability computation depends upon several assumptions regarding the possible attack scenarios. In this paper, we extend the existing security metric to model networks with intrusion detection systems and their associated uncertainties and time latencies. We consider learning capabilities of attackers as well as detection systems. Estimation of risk is obtained by using the attack paths that are undetectable owing to the latency of the detection system. Thus, we define the overall vulnerability (of a network) as a function of the time window available to an attacker for repeated exploring (via learning) and exploitation of a network, before the attack is mitigated by the detection system. Finally, we consider the realistic scenario where an attacker explores and abandons various partial paths in the attack graph before the actual exploitation. A dynamic programming formulation of the vulnerability computation methodology is proposed for this scenario. The nature of these metrics are explained using a case study showing the vulnerability spectrum from the case of zero detection latency to a no detection scenario.

Aiming at the disadvantages of traditional methods such as low penetration path generation efficiency and low attack type recognition accuracy, an optimal penetration path generation algorithm based on the knowledge map power WEB system unknown attack is proposed. First, establish a minimum penetration path test model. And use the model to test the unknown attack of the penetration path under the power WEB system. Then, the ontology of the knowledge graph is designed. Finally, the design of the optimal penetration path generation algorithm based on the knowledge graph is completed. Experimental results show that the algorithm improves the efficiency of optimal penetration path generation, overcomes the shortcomings of traditional methods that can only describe known attacks, and can effectively guarantee the security of power WEB systems.

In this work, security analysis of a Smart Home System (SHS) is inspected. The paper focuses on describing common and likely cyber security threats against SHS. This includes both their influence on human privacy and safety. The SHS is properly presented and formed applying Architecture Analysis and Design Language (AADL), exhibiting the system layout, weaknesses, attack practices, besides their requirements and post settings. The obtained model is later inspected along with a security requirement with JKind model tester software for security endangerment. The overall attack graph causing system compromise is graphically given using Graphviz.

Updating the structure of attack graph templates based on real-time alerts from Intrusion Detection Systems (IDS), in an Industrial Control System (ICS) network, is currently done manually by security experts. But, a highly-connected smart power systems, that can inadvertently expose numerous vulnerabilities to intruders for targeting grid resilience, needs automatic fast updates on learning attack graph structures, instead of manual intervention, to enable fast isolation of compromised network to secure the grid. Hence, in this work, we develop a technique to first construct a prior Bayesian Attack Graph (BAG) based on a predefined threat model and a synthetic communication network for a cyber-physical power system. Further, we evaluate a few score-based and constraint-based structural learning algorithms to update the BAG structure based on real-time alerts, based on scalability, data dependency, time complexity and accuracy criteria.

Graph pooling is an essential ingredient of Graph Neural Networks (GNNs) in graph classification and regression tasks. For these tasks, different pooling strategies have been proposed to generate a graph-level representation by downsampling and summarizing nodes' features in a graph. However, most existing pooling methods are unable to capture distinguishable structural information effectively. Besides, they are prone to adversarial attacks. In this work, we propose a novel pooling method named as HIBPool where we leverage the Information Bottleneck (IB) principle that optimally balances the expressiveness and robustness of a model to learn representations of input data. Furthermore, we introduce a novel structure-aware Discriminative Pooling Readout (DiP-Readout) function to capture the informative local subgraph structures in the graph. Finally, our experimental results show that our model significantly outperforms other state-of-art methods on several graph classification benchmarks and more resilient to feature-perturbation attack than existing pooling methods11Source code at: https://github.com/forkkr/HIBPool.

To reduce the risk of botnet malware, methods of detecting botnet malware using machine learning have received enormous attention in recent years. Most of the traditional methods are based on supervised learning that relies on static features with defined labels. However, recent studies show that supervised machine learning-based IoT malware botnet models are more vulnerable to intentional attacks, known as an adversarial attack. In this paper, we study the adversarial attack on PSI-graph based researches. To perform the efficient attack, we proposed a reinforcement learning based method with a trained target classifier to modify the structures of PSI-graphs. We show that PSI-graphs are vulnerable to such attack. We also discuss about defense method which uses adversarial training to train a defensive model. Experiment result achieves 94.1% accuracy on the adversarial dataset; thus, shows that our defensive model is much more robust than the previous target classifier.

Wireless sensor networks (WSNs) are underlying network infrastructure for a variety of surveillance applications. The network should be tolerant of unexpected failures of sensor nodes to meet the Quality of Service (QoS) requirements of these applications. One major cause of failure is active security attacks such as Depletion-of-Battery (DoB) attacks. This paper model the problem of detecting such attacks as an anomaly detection problem in a dynamic graph. The problem is addressed by employing a cluster ensemble approach called the K-Means Spectral and Hierarchical ensemble (KSH) approach. The experimental result shows that KSH detected DoB attacks with better accuracy when compared to baseline approaches.

With the increasing scale of network, the scale of attack graph has been becoming larger and larger, and the number of nodes in attack graph is also increasing, which can not directly reflect the impact of nodes on the whole system. Therefore, in this paper, a method was proposed to determine the key nodes of network attack graph of power information physical system to solve the problem of uncertain emphasis of security protection of attack graph.

Mathematical model of web server protection is being proposed based on filtering HTTP (Hypertext Transfer Protocol) packets that do not match the semantic parameters of the request standards of this protocol. The model is defined as a graph, and the relationship between the parameters - the sets of vulnerabilities of the corporate network, the methods of attacks and their consequences-is described by the Cartesian product, which provides the correct interpretation of a corporate network cyber attack. To represent the individual stages of simulated attacks, it is possible to separate graph models in order to model more complex attacks based on the existing simplest ones. The unity of the model proposed representation of cyber attack in three variants is shown, namely: graphic, text and formula.

Attack graphs are commonly used to analyse the security of medium-sized to large networks. Based on a scan of the network and likelihood information of vulnerabilities, attack graphs can be transformed into Bayesian Attack Graphs (BAGs). These BAGs are used to evaluate how security controls affect a network and how changes in topology affect security. A challenge with these automatically generated BAGs is that cycles arise naturally, which make it impossible to use Bayesian network theory to calculate state probabilities. In this paper we provide a systematic approach to analyse and perform computations over cyclic Bayesian attack graphs. We present an interpretation of Bayesian attack graphs based on combinational logic circuits, which facilitates an intuitively attractive systematic treatment of cycles. We prove properties of the associated logic circuit and present an algorithm that computes state probabilities without altering the attack graphs (e.g., remove an arc to remove a cycle). Moreover, our algorithm deals seamlessly with any cycle without the need to identify their type. A set of experiments demonstrates the scalability of the algorithm on computer networks with hundreds of machines, each with multiple vulnerabilities.

Advanced Persistent Threats (APTs) refer to sophisticated, prolonged and multi-step attacks, planned and executed by skilled adversaries targeting government and enterprise networks. Attack graphs' topologies can be leveraged to detect, explain and visualize the progress of such attacks. However, due to the abundance of false-positives, such graphs are usually overwhelmingly large and difficult for an analyst to understand. Graph partitioning refers to the problem of reducing the graph of alerts to a set of smaller incidents that are easier for an analyst to process and better represent the actual attack plan. Existing approaches are oblivious to the security-context of the problem at hand and result in graphs which, while smaller, make little sense from a security perspective. In this paper, we propose an optimization approach allowing us to generate security-aware partitions, utilizing aspects such as the kill chain progression, number of assets involved, as well as the size of the graph. Using real-world datasets, the results show that our approach produces graphs that are better at capturing the underlying attack compared to state-of-the-art approaches and are easier for the analyst to understand.

Cyber risk assessments are an essential process for analyzing and prioritizing security issues. Unfortunately, many risk assessment methodologies are marred by human subjectivity, resulting in non-repeatable, inconsistent findings. The absence of repeatable and consistent results can lead to suboptimal decision making with respect to cyber risk reduction. There is a pressing need to reduce cyber risk assessment uncertainty by using tools that use well defined inputs, producing well defined results. This paper presents Automated Vulnerability and Risk Analysis (AVRA), an end-to-end process and tool for identifying and exploiting vulnerabilities, designed for use in cyber risk assessments. The approach presented is more comprehensive than traditional vulnerability scans due to its analysis of an entire network, integrating both host and network information. AVRA automatically generates a detailed model of the network and its individual components, which is used to create an attack graph. Then, AVRA follows individual attack paths, automatically launching exploits to reach a particular objective. AVRA was successfully tested within a virtual environment to demonstrate practicality and usability. The presented approach and resulting system enhances the cyber risk assessment process through rigor, repeatability, and objectivity.

Privacy preservation is a challenging task with the huge amount of data that are available in social media. The data those are stored in the distributed environment or in cloud environment need to ensure confidentiality to data. In addition, representing the voluminous data is graph will be convenient to perform keyword search. The proposed work initially reads the data corresponding to social media and converts that into a graph. In order to prevent the data from the active attacks Advanced Encryption Standard algorithm is used to perform graph encryption. Later, search operation is done using two algorithms: kNK keyword search algorithm and top k nearest keyword search algorithm. The first scheme is used to fetch all the data corresponding to the keyword. The second scheme is used to fetch the nearest neighbor. This scheme increases the efficiency of the search process. Here shortest path algorithm is used to find the minimum distance. Now, based on the minimum value the results are produced. The proposed algorithm shows high performance for graph generation and searching and moderate performance for graph encryption.

In this article, the security problem in cyber-physical systems (CPSs) against denial-of-service (DoS) attacks is studied from the perspectives of the designs of communication topology and distributed controller. To resist the DoS attacks, a new construction algorithm of the k-connected communication topology is developed based on the proposed necessary and sufficient criteria of the k-connected graph. Furthermore, combined with the k-connected topology, a distributed event-triggered controller is designed to guarantee the consensus of CPSs under mode-switching DoS (MSDoS) attacks. Different from the existing distributed control schemes, a new technology, that is, the extended Laplacian matrix method, is combined to design the distributed controller independent on the knowledge and the dwell time of DoS attack modes. Finally, the simulation example illustrates the superiority and effectiveness of the proposed construction algorithm and a distributed control scheme.

Securing cyber-physical systems (CPS) and Internet of Things (IoT) systems requires the identification of how interdependence among existing atomic vulnerabilities may be exploited by an adversary to stitch together an attack that can compromise the system. Therefore, accurate attack graphs play a significant role in systems security. A manual construction of the attack graphs is tedious and error-prone, this paper proposes a model-checking-based automated attack graph generator and visualizer (A2G2V). The proposed A2G2V algorithm uses existing model-checking tools, an architecture description tool, and our own code to generate an attack graph that enumerates the set of all possible sequences in which atomic-level vulnerabilities can be exploited to compromise system security. The architecture description tool captures a formal representation of the networked system, its atomic vulnerabilities, their pre-and post-conditions, and security property of interest. A model-checker is employed to automatically identify an attack sequence in the form of a counterexample. Our own code integrated with the model-checker parses the counterexamples, encodes those for specification relaxation, and iterates until all attack sequences are revealed. Finally, a visualization tool has also been incorporated with A2G2V to generate a graphical representation of the generated attack graph. The results are illustrated through application to computer as well as control (SCADA) networks.

In view of the problem that the overall security of the network is difficult to evaluate quantitatively, we propose the edge authority attack graph model, which aims to make up for the traditional dependence attack graph to describe the relationship between vulnerability behaviors. This paper proposed a network security metrics based on probability, and proposes a network vulnerability algorithm based on vulnerability exploit probability and attack target asset value. Finally, a network security reinforcement algorithm with network vulnerability index as the optimization target is proposed based on this metric algorithm.

Attack graph is an effective way to analyze the vulnerabilities for industrial control networks. We develop a vulnerability correlation method and a practical visualization technology for industrial control network. First of all, we give a complete attack graph analysis for industrial control network, which focuses on network model and vulnerability context. Particularly, a practical attack graph algorithm is proposed, including preparing environments and vulnerability classification and correlation. Finally, we implement a three-dimensional interactive attack graph visualization tool. The experimental results show validation and verification of the proposed method.

An attack graph is a method used to enumerate the possible paths that an attacker can take in the organizational network. MulVAL is a known open-source framework used to automatically generate attack graphs. MulVAL's default modeling has two main shortcomings. First, it lacks the ability to represent network protocol vulnerabilities, and thus it cannot be used to model common network attacks, such as ARP poisoning. Second, it does not support advanced types of communication, such as wireless and bus communication, and thus it cannot be used to model cyber-attacks on networks that include IoT devices or industrial components. In this paper, we present an extended network security model for MulVAL that: (1) considers the physical network topology, (2) supports short-range communication protocols, (3) models vulnerabilities in the design of network protocols, and (4) models specific industrial communication architectures. Using the proposed extensions, we were able to model multiple attack techniques including: spoofing, man-in-the-middle, and denial of service attacks, as well as attacks on advanced types of communication. We demonstrate the proposed model in a testbed which implements a simplified network architecture comprised of both IT and industrial components

Moving target defense (MTD) has emerged as a proactive defense mechanism aiming to thwart a potential attacker. The key underlying idea of MTD is to increase uncertainty and confusion for attackers by changing the attack surface (i.e., system or network configurations) that can invalidate the intelligence collected by the attackers and interrupt attack execution; ultimately leading to attack failure. Recently, the significant advance of software-defined networking (SDN) technology has enabled several complex system operations to be highly flexible and robust; particularly in terms of programmability and controllability with the help of SDN controllers. Accordingly, many security operations have utilized this capability to be optimally deployed in a complex network using the SDN functionalities. In this paper, by leveraging the advanced SDN technology, we developed an attack graph-based MTD technique that shuffles a host's network configurations (e.g., MAC/IP/port addresses) based on its criticality, which is highly exploitable by attackers when the host is on the attack path(s). To this end, we developed a hierarchical attack graph model that provides a network's vulnerability and network topology, which can be utilized for the MTD shuffling decisions in selecting highly exploitable hosts in a given network, and determining the frequency of shuffling the hosts' network configurations. The MTD shuffling with a high priority on more exploitable, critical hosts contributes to providing adaptive, proactive, and affordable defense services aiming to minimize attack success probability with minimum MTD cost. We validated the out performance of the proposed MTD in attack success probability and MTD cost via both simulation and real SDN testbed experiments.

Increasing deep neural networks are applied in solving graph evolved tasks, such as node classification and link prediction. However, the vulnerability of deep models can be revealed using carefully crafted adversarial examples generated by various adversarial attack methods. To explore this security problem, we define the link prediction adversarial attack problem and put forward a novel iterative gradient attack (IGA) strategy using the gradient information in the trained graph autoencoder (GAE) model. Not surprisingly, GAE can be fooled by an adversarial graph with a few links perturbed on the clean one. The results on comprehensive experiments of different real-world graphs indicate that most deep models and even the state-of-the-art link prediction algorithms cannot escape the adversarial attack, such as GAE. We can benefit the attack as an efficient privacy protection tool from the link prediction of unknown violations. On the other hand, the adversarial attack is a robust evaluation metric for current link prediction algorithms of their defensibility.

Sybil attacks are one of the most prominent security problems of trust mechanisms in a distributed network with a large number of highly dynamic and heterogeneous devices, which expose serious threat to edge computing based distributed systems. Graphbased Sybil detection approaches extract social structures from target distributed systems, refine the graph via preprocessing methods and capture Sybil nodes based on the specific properties of the refined graph structure. Graph preprocessing is a critical component in such Sybil detection methods, and intuitively, the processing methods will affect the detection performance. Thoroughly understanding the dependency on the graph-processing methods is very important to develop and deploy Sybil detection approaches. In this paper, we design experiments and conduct systematic analysis on graph-based Sybil detection with respect to different graph preprocessing methods on selected network environments. The experiment results disclose the sensitivity caused by different graph transformations on accuracy and robustness of Sybil detection methods.

Advanced Persistent Threat (APT) is a stealthy, continuous and sophisticated method of network attacks, which can cause serious privacy leakage and millions of dollars losses. In this paper, we introduce a new game-theoretic framework of the interaction between a defender who uses limited Security Resources(SRs) to harden network and an attacker who adopts a multi-stage plan to attack the network. The game model is derived from Stackelberg games called a Multi-stage Maze Network Game (M2NG) in which the characteristics of APT are fully considered. The possible plans of the attacker are compactly represented using attack graphs(AGs), but the compact representation of the attacker's strategies presents a computational challenge and reaching the Nash Equilibrium(NE) is NP-hard. We present a method that first translates AGs into Markov Decision Process(MDP) and then achieves the optimal SRs allocation using the policy hill-climbing(PHC) algorithm. Finally, we present an empirical evaluation of the model and analyze the scalability and sensitivity of the algorithm. Simulation results exhibit that our proposed reinforcement learning-based SRs allocation is feasible and efficient.

Network security is an important issue in today's world with existence of network systems that communicate data and information about all aspects of our life, work and business. Network security is an important issue with connected networks and data communication between organisations of that specialized in different areas. Network security engineers spend a considerable amount of time to investigate network for security breaches and to enhance the security of their networks and data communications on their networks. They use Attack Graphs (AGs) which are graphical representation of networks to assist them in analysing large networks. With increase size of networks and their complexity, the use of attack graphs alone does not provide the necessary risk analysis and assessment facilities. There is a need for automated intelligent systems such as multiagent systems to assist in analysing, assessing and testing networks. Network systems changes with the increase in the size of organisation and connectivity of network of organisations based on the business needs or organisational or governmental rules and regulations. In this paper a multi-agent system is developed assist in analysing interconnected network to identify security risks. The multi-agent system is capable of security network analysis to identify paths using an attack graph of the network under consideration to protect network systems, as the networks grow and change, against possible attacks. The multiagent system uses a model developed by Mohammadian [3] for converting AGs to Fuzzy Cognitive Maps (FCMs) to identify attack paths from attack graphs and perform security risk analysis. In this paper a novel decision-making approach using FCMs is employed.

Cyber-Physical-Systems are subject to cyber-attacks due to existing vulnerabilities in the various components constituting them. System Resiliency is concerned with the extent the system is able to bounce back to a normal state under attacks. In this paper, two communication Networks are analyzed, formally described, and modeled using Architecture Analysis & Design Language (AADL), identifying their architecture, connections, vulnerabilities, resources, possible attack instances as well as their pre-and post-conditions. The generated network models are then verified against a security property using JKind model checker integrated tool. The union of the generated attack sequences/scenarios resulting in overall network compromise (given by its loss of stability) is the Attack graph. The generated Attack graph is visualized graphically using Unity software, and then used to assess the worst Level of Resilience for both networks.