Differential Attack Graph-Based Approach for Assessing Change in the Network Attack Surface

  • Conference paper
Information Systems Security (ICISS 2019)

Abstract

Assessing change in the attack surface of dynamic computer networks is a formidable challenge. Researchers have previously looked into the problem of measuring network risk and have used attack graphs (AGs) for network hardening. However, such AG-based approaches do not consider the likely variations in the attack surface. Further, even though it is possible to generate attack graphs for a realistic network efficiently, the resulting graphs pose a severe challenge to human comprehension. To overcome these problems, in this paper we present a differential attack graph-based change detection technique. We propose a change distribution matrix-based technique to discern differences in the network attack surface. Our method not only detects the degree of change in the network attack surface but also finds the root causes in a time-efficient manner. We use a synthetic network to illustrate the approach and perform a set of simulations to evaluate its performance. Experimental results show that our technique is capable of assessing changes in the attack surface and thus can be used in practice for network hardening.

Corresponding author

Correspondence to Ghanshyam S. Bopche.

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Cite this paper

Bopche, G.S., Rai, G.N., Ramchandra Reddy, B., Mehtre, B.M. (2019). Differential Attack Graph-Based Approach for Assessing Change in the Network Attack Surface. In: Garg, D., Kumar, N., Shyamasundar, R. (eds) Information Systems Security. ICISS 2019. Lecture Notes in Computer Science, vol 11952. Springer, Cham. https://doi.org/10.1007/978-3-030-36945-3_18

  • DOI: https://doi.org/10.1007/978-3-030-36945-3_18

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-36944-6

  • Online ISBN: 978-3-030-36945-3

  • eBook Packages: Computer Science (R0)
