Abstract
Evaluating network attack graphs in today’s dynamic networks is challenging. Conventional metrics for attack-graph-based risk assessment are inadequate because they cannot account for the temporal evolution of networks. To address this limitation, we introduce the notion of a temporal attack graph, which incorporates the temporal characteristics of network configurations and vulnerabilities. It supports risk assessment by giving a more precise depiction of the network’s security state over time. In addition, we introduce two security metrics based on temporal attack graphs. By effectively capturing the temporal features of dynamic networks, these metrics enable accurate measurement of network security over time. Path-based metrics analyze whether an attacker can reach a target along a specific temporal path. These metrics help in evaluating the overall robustness of the network and in adopting appropriate security countermeasures beforehand.
Acknowledgement
The authors would like to express their sincere thanks to the anonymous reviewers for their invaluable feedback.
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Gain, A., Barik, M.S. (2023). Attack Graph Based Security Metrics for Dynamic Networks. In: Muthukkumarasamy, V., Sudarsan, S.D., Shyamasundar, R.K. (eds) Information Systems Security. ICISS 2023. Lecture Notes in Computer Science, vol 14424. Springer, Cham. https://doi.org/10.1007/978-3-031-49099-6_7
DOI: https://doi.org/10.1007/978-3-031-49099-6_7
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-49098-9
Online ISBN: 978-3-031-49099-6
eBook Packages: Computer Science, Computer Science (R0)