Hierarchical Modeling of Cyber Assets in Kill Chain Attack Graphs

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216224%3A14610%2F24%3A00137295" target="_blank" >RIV/00216224:14610/24:00137295 - isvavai.cz</a>

Výsledek na webu

<a href="https://ieeexplore.ieee.org/abstract/document/10814501" target="_blank" >https://ieeexplore.ieee.org/abstract/document/10814501</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.23919/CNSM62983.2024.10814501" target="_blank" >10.23919/CNSM62983.2024.10814501</a>

Jazyk výsledku

angličtina

Název v původním jazyce

Hierarchical Modeling of Cyber Assets in Kill Chain Attack Graphs

Popis výsledku v původním jazyce

Cyber threat modeling is a proactive method for identifying possible cyber attacks on network infrastructure that has a wide range of applications in security assessment, risk analysis, and threat exposure management. Popular modeling methods are kill chains and attack graphs. Kill chains divide attacks into phases, and attack graphs depict attack paths. A difficult issue is how to hierarchically model categories of cyber assets that should be used in threat models due to the variety of cyber systems in the current networks. This task should be addressed to provide automation of realistic threat modeling and interoperability with public knowledge bases, such as MITRE ATT&amp;CK. In this paper, we propose a hierarchical modeling methodology for representing cyber assets in kill chain attack graphs. We illustrate its practical application on MITRE D3FEND’s Digital Artifact Ontology. Moreover, we define how cyber assets with related attack techniques should be transformed into logical facts and attack rules. We implemented proof-of-concept software modules that can process data obtained from network and host-based monitoring together with attack rules to generate attack graphs. We evaluated the approach with data from a cyber exercise captured in a network of a digital twin organization. The results show that the approach is applicable in real-world networks and can reveal ground-truth attacks.

Název v anglickém jazyce

Hierarchical Modeling of Cyber Assets in Kill Chain Attack Graphs

Popis výsledku anglicky

Cyber threat modeling is a proactive method for identifying possible cyber attacks on network infrastructure that has a wide range of applications in security assessment, risk analysis, and threat exposure management. Popular modeling methods are kill chains and attack graphs. Kill chains divide attacks into phases, and attack graphs depict attack paths. A difficult issue is how to hierarchically model categories of cyber assets that should be used in threat models due to the variety of cyber systems in the current networks. This task should be addressed to provide automation of realistic threat modeling and interoperability with public knowledge bases, such as MITRE ATT&amp;CK. In this paper, we propose a hierarchical modeling methodology for representing cyber assets in kill chain attack graphs. We illustrate its practical application on MITRE D3FEND’s Digital Artifact Ontology. Moreover, we define how cyber assets with related attack techniques should be transformed into logical facts and attack rules. We implemented proof-of-concept software modules that can process data obtained from network and host-based monitoring together with attack rules to generate attack graphs. We evaluated the approach with data from a cyber exercise captured in a network of a digital twin organization. The results show that the approach is applicable in real-world networks and can reveal ground-truth attacks.

Druh

D - Stať ve sborníku

CEP obor

—

OECD FORD obor

10200 - Computer and information sciences

Projekt

—

Návaznosti

R - Projekt Ramcoveho programu EK

Rok uplatnění

2024

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název statě ve sborníku

2024 20th International Conference on Network and Service Management (CNSM)

ISBN

9783903176669

ISSN

2165-9605

e-ISSN

—

Počet stran výsledku

5

Strana od-do

1-5

Název nakladatele

IFIP Open Digital Library, IEEE Xplore

Místo vydání

New York, NY

Místo konání akce

Prague, Czech Republic

Datum konání akce

1. 1. 2024

Typ akce podle státní příslušnosti

WRD - Celosvětová akce

Kód UT WoS článku

001414325200054