Visible to the public Identification of Critical-Attacks Set in an Attack-Graph

Submitted by aekwall on Mon, 08/17/2020 - 11:17am
TitleIdentification of Critical-Attacks Set in an Attack-Graph
Publication TypeConference Paper
Year of Publication2019
AuthorsAl Ghazo, Alaa T., Kumar, Ratnesh
Conference Name2019 IEEE 10th Annual Ubiquitous Computing, Electronics Mobile Communication Conference (UEMCON)
Keywordsadvanced multifaceted attacks, attack graph, Attack Graphs, attack scenarios, attack-graph, attack-paths, complex attacks scenarios, composability, control engineering computing, critical-attacks set, Cyber-physical systems, graph theory, industrial control, industrial control systems, Internet of Things, Min Label-Cut, Predictive Metrics, pubcrawl, Resiliency, SCADA systems, SCC, security, security administrators, security measurements, security of data, strongly-connected-components, system security, system vulnerabilities, system-level security property, water treatment, water treatment cyber-physical system
AbstractSCADA/ICS (Supervisory Control and Data Acqui-sition/Industrial Control Systems) networks are becoming targets of advanced multi-faceted attacks, and use of attack-graphs has been proposed to model complex attacks scenarios that exploit interdependence among existing atomic vulnerabilities to stitch together the attack-paths that might compromise a system-level security property. While such analysis of attack scenarios enables security administrators to establish appropriate security measurements to secure the system, practical considerations on time and cost limit their ability to address all system vulnerabilities at once. In this paper, we propose an approach that identifies label-cuts to automatically identify a set of critical-attacks that, when blocked, guarantee system security. We utilize the Strongly-Connected-Components (SCCs) of the given attack graph to generate an abstracted version of the attack-graph, a tree over the SCCs, and next use an iterative backward search over this tree to identify set of backward reachable SCCs, along with their outgoing edges and their labels, to identify a cut with a minimum number of labels that forms a critical-attacks set. We also report the implementation and validation of the proposed algorithm to a real-world case study, a SCADA network for a water treatment cyber-physical system.
DOI10.1109/UEMCON47517.2019.8993076
Citation Keyal_ghazo_identification_2019
Groups: