Analysis of Attack Graph Representations for Ranking Vulnerability Fixes

Tom Gonda; Tal Pascal; Rami Puzis; Guy Shani; Bracha Shapira

doi:10.29007/2c1q

Analysis of Attack Graph Representations for Ranking Vulnerability Fixes

Tom Gonda
, Tal Pascal
, Rami Puzis
, Guy Shani
, Bracha Shapira

Research output: Contribution to conference › Paper › peer-review

Abstract

Software vulnerabilities in organizational computer networks can be leveraged by an attacker to gain access to sensitive information. As fixing all vulnerabilities requires much effort, it is critical to rank the possible fixes by their importance. Centrality measures over logical attack graphs, or over the network connectivity graph, often provide a scalable method for finding the most critical vulnerabilities. In this paper we suggest an analysis of the planning graph, originating in classical planning, as an alternative for the logical attack graph, to improve the ranking produced by centrality measures. The planning graph also allows us to enumerate the set of possible attack plans, and hence, directly count the number of attacks that use a given vulnerability. We evaluate a set of centrality-based ranking measures over the logical attack graph and the planning graph, showing that metrics computed over the planning graph reduce more rapidly the set of shortest attack plans.

Original language	English
DOIs	https://doi.org/10.29007/2c1q
State	Published - 17 Sep 2018
Event	The 4th Global Conference on Artificial Intelligence (GCAI 2018) - , Luxembourg Duration: 17 Sep 2018 → 19 Sep 2018 https://easychair.org/smart-program/LuxLogAI2018/GCAI-index.html

Conference

Conference	The 4th Global Conference on Artificial Intelligence (GCAI 2018)
Country/Territory	Luxembourg
Period	17/09/18 → 19/09/18
Internet address	https://easychair.org/smart-program/LuxLogAI2018/GCAI-index.html

Access to Document

10.29007/2c1q

Cite this

@conference{e63c0d9c3fd4438eb3d71e6e73b39ca0,

title = "Analysis of Attack Graph Representations for Ranking Vulnerability Fixes",

abstract = "Software vulnerabilities in organizational computer networks can be leveraged by an attacker to gain access to sensitive information. As fixing all vulnerabilities requires much effort, it is critical to rank the possible fixes by their importance. Centrality measures over logical attack graphs, or over the network connectivity graph, often provide a scalable method for finding the most critical vulnerabilities. In this paper we suggest an analysis of the planning graph, originating in classical planning, as an alternative for the logical attack graph, to improve the ranking produced by centrality measures. The planning graph also allows us to enumerate the set of possible attack plans, and hence, directly count the number of attacks that use a given vulnerability. We evaluate a set of centrality-based ranking measures over the logical attack graph and the planning graph, showing that metrics computed over the planning graph reduce more rapidly the set of shortest attack plans.",

author = "Tom Gonda and Tal Pascal and Rami Puzis and Guy Shani and Bracha Shapira",

year = "2018",

month = sep,

day = "17",

doi = "10.29007/2c1q",

language = "English",

note = "The 4th Global Conference on Artificial Intelligence (GCAI 2018) ; Conference date: 17-09-2018 Through 19-09-2018",

url = "https://easychair.org/smart-program/LuxLogAI2018/GCAI-index.html",

}

TY - CONF

T1 - Analysis of Attack Graph Representations for Ranking Vulnerability Fixes

AU - Gonda, Tom

AU - Pascal, Tal

AU - Puzis, Rami

AU - Shani, Guy

AU - Shapira, Bracha

PY - 2018/9/17

Y1 - 2018/9/17

N2 - Software vulnerabilities in organizational computer networks can be leveraged by an attacker to gain access to sensitive information. As fixing all vulnerabilities requires much effort, it is critical to rank the possible fixes by their importance. Centrality measures over logical attack graphs, or over the network connectivity graph, often provide a scalable method for finding the most critical vulnerabilities. In this paper we suggest an analysis of the planning graph, originating in classical planning, as an alternative for the logical attack graph, to improve the ranking produced by centrality measures. The planning graph also allows us to enumerate the set of possible attack plans, and hence, directly count the number of attacks that use a given vulnerability. We evaluate a set of centrality-based ranking measures over the logical attack graph and the planning graph, showing that metrics computed over the planning graph reduce more rapidly the set of shortest attack plans.

AB - Software vulnerabilities in organizational computer networks can be leveraged by an attacker to gain access to sensitive information. As fixing all vulnerabilities requires much effort, it is critical to rank the possible fixes by their importance. Centrality measures over logical attack graphs, or over the network connectivity graph, often provide a scalable method for finding the most critical vulnerabilities. In this paper we suggest an analysis of the planning graph, originating in classical planning, as an alternative for the logical attack graph, to improve the ranking produced by centrality measures. The planning graph also allows us to enumerate the set of possible attack plans, and hence, directly count the number of attacks that use a given vulnerability. We evaluate a set of centrality-based ranking measures over the logical attack graph and the planning graph, showing that metrics computed over the planning graph reduce more rapidly the set of shortest attack plans.

U2 - 10.29007/2c1q

DO - 10.29007/2c1q

M3 - Paper

T2 - The 4th Global Conference on Artificial Intelligence (GCAI 2018)

Y2 - 17 September 2018 through 19 September 2018

ER -

Analysis of Attack Graph Representations for Ranking Vulnerability Fixes

Abstract

Conference

Access to Document

Fingerprint

Cite this