Identification of Attack Paths Using Kill Chain and Attack Graphs
Result identifiers
Result code in IS VaVaI
RIV/00216224:14610/22:00125603 - isvavai.cz (https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216224%3A14610%2F22%3A00125603)
Result on the web
http://dx.doi.org/10.1109/NOMS54207.2022.9789803
DOI - Digital Object Identifier
10.1109/NOMS54207.2022.9789803
Alternative languages
Result language
English
Title in original language
Identification of Attack Paths Using Kill Chain and Attack Graphs
Result description in original language
The ever-evolving capabilities of cyber attackers force security administrators to focus on the early identification of emerging threats. Targeted cyber attacks usually consist of several phases, from initial reconnaissance of the network environment to final impact on objectives. This paper investigates the identification of multi-step cyber threat scenarios using kill chain and attack graphs. Kill chain and attack graphs are threat modeling concepts that enable determining weak security defense points. We propose a novel kill chain attack graph that merges kill chain and attack graphs together. This approach determines possible chains of attacker’s actions and their materialization within the protected network. The graph generation uses a categorization of threats according to violated security properties. The graph allows determining the kill chain phase the administrator should focus on and applicable countermeasures to mitigate possible cyber threats. We implemented the proposed approach for a predefined range of cyber threats, especially vulnerability exploitation and network threats. The approach was validated on a real-world use case. Publicly available implementation contains a proof-of-concept kill chain attack graph generator.
Classification
Type
D - Article in proceedings
CEP field
—
OECD FORD field
10200 - Computer and information sciences
Result linkages
Project
—
Linkages
S - Specific research at universities
Other
Year of application
2022
Data confidentiality code
S - Complete and true data on the project are not subject to protection under special legal regulations
Data specific to the result type
Article name in the proceedings
NOMS 2022 - 2022 IEEE/IFIP Network Operations and Management Symposium
ISBN
9781665406017
ISSN
1542-1201
e-ISSN
—
Number of pages of the result
6
Pages from-to
1-6
Publisher name
IEEE Xplore Digital Library
Place of publication
Budapest, Hungary
Event location
Budapest, Hungary
Event date
1. 1. 2022
Type of event by nationality
CST - Nationwide event
UT WoS code of the article
000851572700059