Attacker-parametrised attack graphs

Conference item

Computer network attackers chain system exploits together to achieve their goals, which range from stealing data to corrupting systems. Attack graphs represent these paths through the network, and provide the basis for calculating many security metrics. In this paper, we seek to extend graph-based analysis from the consideration of single graphs to the consideration of multiple. By performing analysis on many graphs at once, we consider the range of threats faced and avoid the downsides of several current techniques, which focus purely on known and expected attackers. In particular, we propose a novel method of generating a set of attack graphs, parametrised by attacker profiles. Our technique would enable security analysts to consider the security of their network from the perspective of many attackers simultaneously. This contrasts with existing techniques, which typically analyse attacker-independent graphs or graphs constructed around predefined attacker profiles. We analyse the resulting set of graphs first through deterministic methods and then using a probability measure.

Authors: Janse van Rensburg, A; Nurse, JRC; Goldsmith, M

• Publication status: Published
• Peer review status: Peer reviewed
• Publisher: ThinkMind Digital Library
• Host title: Tenth International Conference on Quantum, Nano/Bio, and Micro Technologies (ICQNM 2016)
• Publication date: 2016-07-01
• Acceptance date: 2016-05-14
• Event title: International Conference on Quantum, Nano/Bio, and Micro Technologies
• Event location: Nice, France
• Event website: http://www.iaria.org/conferences2016/ProgramICQNM16.html
• Event start date: 2016-07-24
• Event end date: 2016-07-28
• Language: English
• Keywords: intrusion detection; attacker profiling; attack graphs