Design procedure of knowledge base for practical attack graph generation

Masaki Inokuchi, Yoshinobu Ohta, Shunichi Kinoshita, Tomohiko Yagyu, Orly Stan, Ron Bitton, Yuval Elovici, Asaf Shabtai

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

3 Scopus citations

Abstract

Cyber security assessment is an essential activity for understanding the security risks in an enterprise environment. While many tools have been developed in order to evaluate the security risks for individual hosts, it is still a challenge to identify multi-hop cyber security risks in a large-scale environment. An attack graph, which provides a comprehensive view of attacks, assists in identifying high-risk attack paths and efficiently deploying countermeasures. Several frameworks which generate an attack graph from system information and knowledge base have also been developed in the past. Although these tools are widely adopted, their expression capabilities are insufficient. The expansion of knowledge base is needed to handle comprehensive attack scenario. In this research, we developed an attack graph generation system by extending the MulVAL framework which is widely adopted due to its high extensibility. We designed and implemented knowledge base (also known as "interaction rules" in the MulVAL framework) for practical attack graph generation. A structured design procedure is necessary to construct a knowledge base that enables comprehensive analysis, which is highly important for actual risk assessment. We describe the design procedure, design considerations and implementation of our rule set. Additionally, we demonstrate the improvement to the generated attack graph by the implemented rules in a case study.

Original languageEnglish
Title of host publicationAsiaCCS 2019 - Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security
PublisherAssociation for Computing Machinery, Inc
Pages594-601
Number of pages8
ISBN (Electronic)9781450367523
DOIs
StatePublished - 2 Jul 2019
Event2019 ACM Asia Conference on Computer and Communications Security, AsiaCCS 2019 - Auckland, New Zealand
Duration: 9 Jul 201912 Jul 2019

Publication series

NameAsiaCCS 2019 - Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security

Conference

Conference2019 ACM Asia Conference on Computer and Communications Security, AsiaCCS 2019
Country/TerritoryNew Zealand
CityAuckland
Period9/07/1912/07/19

Keywords

  • Attack graph
  • Design procedure
  • Knowledge base
  • Risk assessment

Fingerprint

Dive into the research topics of 'Design procedure of knowledge base for practical attack graph generation'. Together they form a unique fingerprint.

Cite this