A semantic approach to improving machine readability of a large-scale attack graph

Published in: The Journal of Supercomputing

Abstract

Automation in cyber security can be achieved by using attack graphs. Attack graphs allow us to model the possible paths that a potential attacker can use to intrude into a target network. In particular, a graph representation is often used to increase the visibility of information, but it is not effective when a large-scale attack graph is produced. However, it is inevitable that such a voluminous attack graph is generated by modeling a variety of data from an increasing number of network hosts. Therefore, we need more intelligent ways of inferring, from the attack graph, the knowledge required to harden network security, beyond extracting information such as possible attack paths. Ontology technology enables a machine to understand information and makes it easier to infer knowledge based on relational facts from big data. Constructing an ontology in the domain of attack graph generation is a prerequisite for increasing machine intelligence and implementing an automated process. In this paper, we propose a semantic approach to make a large-scale attack graph machine readable. The approach provides several benefits. First, users can obtain relational facts based on reasoning over a large-scale attack graph, and the semantics of an attack graph can provide intuition to users. In addition, intelligence-based security assessment becomes possible using the obtained ontological structures. By improving the machine readability of an attack graph, our approach could lead to automated assessment of network security.
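To make the idea of "relational facts based on reasoning" concrete, here is an added example (not code from the paper) of an attack graph encoded as RDF-style triples under a tiny RDFS-like ontology, with forward-chaining inference used for a defensive assessment query. The class names (Asset, Host, Privilege), the properties (leadsTo, onHost) and the two-host graph are constructed assumptions; the paper's own ontology is not given on this page.

```python
# Added example: a tiny RDF-style attack-graph ontology with forward-chaining
# inference. Class/property names and the graph are assumptions, not the
# paper's ontology.

# Constructed attack graph and schema as (subject, predicate, object) triples.
TRIPLES = {
    ("Host", "subClassOf", "Asset"),
    ("Privilege", "subClassOf", "Asset"),
    ("leadsTo", "type", "TransitiveProperty"),      # attack steps chain
    ("attackerLocation", "type", "Privilege"),
    ("web_root", "type", "Privilege"),
    ("db_root", "type", "Privilege"),
    ("web01", "type", "Host"),
    ("db01", "type", "Host"),
    ("web_root", "onHost", "web01"),
    ("db_root", "onHost", "db01"),
    ("attackerLocation", "leadsTo", "web_root"),    # constructed step 1
    ("web_root", "leadsTo", "db_root"),             # constructed step 2
}

def infer(triples):
    """RDFS-style closure: subClassOf transitivity, type propagation up the
    class hierarchy, and transitive closure of every property declared a
    TransitiveProperty. Returns asserted plus inferred triples."""
    facts = set(triples)
    while True:
        new = set()
        trans = {s for s, p, o in facts
                 if p == "type" and o == "TransitiveProperty"}
        for s, p, o in facts:
            if p == "subClassOf":
                new |= {(s, "subClassOf", o2) for s2, p2, o2 in facts
                        if p2 == "subClassOf" and s2 == o}
                new |= {(x, "type", o) for x, p2, c in facts
                        if p2 == "type" and c == s}
            if p in trans:
                new |= {(s, p, o2) for s2, p2, o2 in facts
                        if p2 == p and s2 == o}
        if new <= facts:          # fixpoint reached: nothing left to derive
            return facts
        facts |= new

def reachable_privileges(facts, start):
    """Privileges an attacker at `start` can reach, direct or inferred."""
    return sorted(o for s, p, o in facts if s == start and p == "leadsTo")

def hosts_at_risk(facts, start):
    """Hosts carrying a reachable privilege: the assessment output."""
    privs = set(reachable_privileges(facts, start))
    return sorted(o for s, p, o in facts if p == "onHost" and s in privs)
```

The inferred triple (attackerLocation, leadsTo, db_root) never appears in the input; it is derived from the transitive-property declaration, which is the kind of relational fact the abstract refers to.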

Acknowledgements

This work was supported by an Institute for Information and Communications Technology Promotion (IITP) grant funded by the Korea government (MSIT) (No. 2017-0-00213, Development of Cyber Self Mutation Technologies for Proactive Cyber Defence).

Author information

Corresponding author

Correspondence to Youngseok Lee.

About this article

Cite this article

Lee, J., Moon, D., Kim, I. et al. A semantic approach to improving machine readability of a large-scale attack graph. J Supercomput 75, 3028–3045 (2019). https://doi.org/10.1007/s11227-018-2394-6
