Advanced Cyber Attack Modeling Analysis and Visualization
Abstract
This project delivers an approach for visualization, correlation, and prediction of potentially large and complex attack graphs. These attack graphs show multi-step cyber attacks against networks, based on system vulnerabilities, network connectivity, and potential attacker exploits. We introduce a new paradigm for attack graph analysis that augments the traditional graph-centric view, based on graph adjacency matrices. In our approach, the analysis includes all known network attack paths, while still keeping complexity manageable. It supports pre-attack network hardening, correlation of detected attack events, and attack origin/impact prediction for post-attack responses. The goal of this system is to transform large quantities of network security data into actionable intelligence. The utility of organizing combinations of network attacks as graphs is well established. Traditionally, such attack graphs have been formed manually by security red teams (penetration testers). We have demonstrated the capability for computational generation of attack graphs, rather than relying on manual creation. This approach is based on models of network security conditions and potential attacker exploits. Because of vulnerability interdependencies across networks, a topological attack graph approach is needed, especially for proactive defense against insidious multi-step attacks. The traditional approach that treats network data and events in isolation, without the context provided by attack graphs, is clearly insufficient.
Document Details
- Document Type: Technical Report
- Publication Date: Mar 01, 2010
- Accession Number: ADA516716
Entities
People
- Steven Noel
- Sushil Jajodia
Organizations
- George Mason University