| Title | Reasoning about Sequential Cyberattacks |
| Publication Type | Conference Paper |
| Year of Publication | 2019 |
| Authors | Paliath, Vivin, Shakarian, Paulo |
| Conference Name | 2019 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining (ASONAM) |
| Date Published | aug |
| Keywords | adversarial reasoning, Cognition, Complexity theory, compositionality, computational complexity, Computational modeling, computer systems, Cost function, cyber adversaries, Cyber Dependencies, cyber-adversary, cyber-attack modeling, cybersecurity, fixed-point operator, human factors, invasive software, Lattices, Mathematical model, Metrics, NP-complete problem, optimisation, pubcrawl, Resiliency, Scalability, sequential chained attacks, sequential cyberattacks, simulated vulnerability data, Social network services, vulnerability dependencies |
| Abstract | Cyber adversaries employ a variety of malware and exploits to attack computer systems, usually via sequential or "chained" attacks, that take advantage of vulnerability dependencies. In this paper, we introduce a formalism to model such attacks. We show that the determination of the set of capabilities gained by an attacker, which also translates to extent to which the system is compromised, corresponds with the convergence of a simple fixed-point operator. We then address the problem of determining the optimal/most-dangerous strategy for a cyber-adversary with respect to this model and find it to be an NP-Complete problem. To address this complexity we utilize an A*-based approach with an admissible heuristic, that incorporates the result of the fixed-point operator and uses memoization for greater efficiency. We provide an implementation and show through a suite of experiments, using both simulated and actual vulnerability data, that this method performs well in practice for identifying adversarial courses of action in this domain. On average, we found that our techniques decrease runtime by 82%. |
| DOI | 10.1145/3341161.3343522 |
| Citation Key | paliath_reasoning_2019 |
Reasoning about Sequential Cyberattacks