Scalable analysis of attack scenarios

Massimiliano Albanese*, Sushil Jajodia, Andrea Pugliese, V. S. Subrahmanian

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

44 Scopus citations

Abstract

Attack graphs have been widely used for attack modeling, alert correlation, and prediction. In order to address the limitations of current approaches - scalability and impact analysis - we propose a novel framework to analyze massive amounts of alerts in real time, and measure the impact of current and future attacks. Our contribution is threefold. First, we introduce the notion of generalized dependency graph, which captures how network components depend on each other, and how the services offered by an enterprise depend on the underlying infrastructure. Second, we extend the classical definition of attack graph with the notion of timespan distribution, which encodes probabilistic knowledge of the attacker's behavior. Finally, we introduce attack scenario graphs, which combine dependency and attack graphs, bridging the gap between known vulnerabilities and the services that could be ultimately affected by the corresponding exploits. We propose efficient algorithms for both detection and prediction, and show that they scale well for large graphs and large volumes of alerts. We show that, in practice, our approach can provide security analysts with actionable intelligence about the current cyber situation, enabling them to make more informed decisions.

Original language: English (US)
Title of host publication: Computer Security, ESORICS 2011 - 16th European Symposium on Research in Computer Security, Proceedings
Pages: 416-433
Number of pages: 18
State: Published - 2011
Externally published: Yes
Event: 16th European Symposium on Research in Computer Security, ESORICS 2011 - Leuven, Belgium
Duration: Sep 12 2011 → Sep 14 2011

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 6879 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: 16th European Symposium on Research in Computer Security, ESORICS 2011
Country/Territory: Belgium
City: Leuven
Period: 9/12/11 → 9/14/11

Keywords

  • Attack graphs
  • cyber situation awareness
  • dependency graphs
  • scalability
  • vulnerability analysis

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)
