All

What are you looking for?

All
Projects
Results
Organizations

Quick search

  • Projects supported by TA ČR
  • Excellent projects
  • Projects with the highest public support
  • Current projects

Smart search

  • That is how I find a specific +word
  • That is how I leave the -word out of the results
  • “That is how I can find the whole phrase”
EN
ČeštinaEnglish

Hierarchical Modeling of Cyber Assets in Kill Chain Attack Graphs

The result's identifiers

  • Result code in IS VaVaI

    <a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216224%3A14610%2F24%3A00137295" target="_blank" >RIV/00216224:14610/24:00137295 - isvavai.cz</a>

  • Result on the web

    <a href="https://ieeexplore.ieee.org/abstract/document/10814501" target="_blank" >https://ieeexplore.ieee.org/abstract/document/10814501</a>

  • DOI - Digital Object Identifier

    <a href="http://dx.doi.org/10.23919/CNSM62983.2024.10814501" target="_blank" >10.23919/CNSM62983.2024.10814501</a>

Alternative languages

  • Result language

    angličtina

  • Original language name

    Hierarchical Modeling of Cyber Assets in Kill Chain Attack Graphs

  • Original language description

    Cyber threat modeling is a proactive method for identifying possible cyber attacks on network infrastructure that has a wide range of applications in security assessment, risk analysis, and threat exposure management. Popular modeling methods are kill chains and attack graphs. Kill chains divide attacks into phases, and attack graphs depict attack paths. A difficult issue is how to hierarchically model categories of cyber assets that should be used in threat models due to the variety of cyber systems in the current networks. This task should be addressed to provide automation of realistic threat modeling and interoperability with public knowledge bases, such as MITRE ATT&amp;CK. In this paper, we propose a hierarchical modeling methodology for representing cyber assets in kill chain attack graphs. We illustrate its practical application on MITRE D3FEND’s Digital Artifact Ontology. Moreover, we define how cyber assets with related attack techniques should be transformed into logical facts and attack rules. We implemented proof-of-concept software modules that can process data obtained from network and host-based monitoring together with attack rules to generate attack graphs. We evaluated the approach with data from a cyber exercise captured in a network of a digital twin organization. The results show that the approach is applicable in real-world networks and can reveal ground-truth attacks.

  • Czech name

  • Czech description

Classification

  • Type

    D - Article in proceedings

  • CEP classification

  • OECD FORD branch

    10200 - Computer and information sciences

Result continuities

  • Project

  • Continuities

    R - Projekt Ramcoveho programu EK

Others

  • Publication year

    2024

  • Confidentiality

    S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Data specific for result type

  • Article name in the collection

    2024 20th International Conference on Network and Service Management (CNSM)

  • ISBN

    9783903176669

  • ISSN

    2165-9605

  • e-ISSN

  • Number of pages

    5

  • Pages from-to

    1-5

  • Publisher name

    IFIP Open Digital Library, IEEE Xplore

  • Place of publication

    New York, NY

  • Event location

    Prague, Czech Republic

  • Event date

    Jan 1, 2024

  • Type of event by nationality

    WRD - Celosvětová akce

  • UT code for WoS article

    001414325200054

Similar results(10)

Identification of Attack Paths Using Kill Chain and Attack GraphsComplex Networks in Cybersecurity: Applications and ChallengesCurrent Challenges of Cyber Threat and Vulnerability Identification Using Public Enumerations