Cyber Key Terrain Identification Using Adjusted PageRank Centrality

  • Conference paper
ICT Systems Security and Privacy Protection (SEC 2023)

Abstract

The cyber terrain contains devices, network services, cyber personas, and other network entities involved in network operations. Designing a method that automatically identifies the network entities that are key to network operations is challenging, yet such a method is essential for deciding which cyber assets cyber defense should focus on. In this paper, we propose an approach for classifying IP addresses that belong to cyber key terrain according to their network position, using PageRank centrality adjusted by machine learning. We use hill climbing and random walk algorithms to learn distinct PageRank damping factors based on the source and destination ports captured in IP flows. A one-time learning phase on a static data sample allows near-real-time, stream-based classification of key hosts from IP flow data under operational conditions without maintaining a complete network graph. We evaluated the approach on a dataset from a cyber defense exercise and on data from a campus network. The results show that cyber key terrain identification using the adjusted centrality computation is more precise than the original version.
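As an added worked example (not the authors' code, dataset or exact method), the following Python builds a directed host graph from a handful of constructed flow records, ranks hosts with classic PageRank, and then shows one possible way to let the damping factor depend on destination ports and to tune those per-port factors by hill climbing against a labelled set of key hosts. The flow records, the packet-count edge weights, the uniform handling of hosts with no outgoing flows, the per-host damping scheme and the precision-at-k objective are all assumptions made for this illustration; the paper's actual adjustment, its random-walk learner and its stream-based phase that avoids keeping the full graph are not reproduced here.

```python
"""Host ranking from IP flows with PageRank and per-port damping factors.

Added illustration, not the paper's code. The flow records, the packet-count
edge weights, the dangling-host handling, the per-host damping scheme and the
hill-climbing objective are assumptions made for this example.
"""
from collections import defaultdict

# Constructed unidirectional flow records: (src_ip, dst_ip, dst_port, packets).
# Three clients query a DNS server (.53) and browse a web server (.80); the web
# server relays mail to .25; one client reaches another over SSH.
FLOWS = [
    ("10.0.0.11", "10.0.0.53", 53, 40),
    ("10.0.0.12", "10.0.0.53", 53, 35),
    ("10.0.0.13", "10.0.0.53", 53, 30),
    ("10.0.0.80", "10.0.0.53", 53, 10),
    ("10.0.0.11", "10.0.0.80", 443, 200),
    ("10.0.0.12", "10.0.0.80", 443, 150),
    ("10.0.0.80", "10.0.0.25", 25, 5),
    ("10.0.0.13", "10.0.0.12", 22, 3),
]


def build_graph(flows):
    """Directed host graph; edge src->dst weighted by summed packet count (assumption)."""
    out_edges = defaultdict(dict)
    nodes = set()
    for src, dst, _dport, pkts in flows:
        nodes.update((src, dst))
        out_edges[src][dst] = out_edges[src].get(dst, 0) + pkts
    return sorted(nodes), out_edges


def pagerank(nodes, out_edges, damping, iters=100):
    """Power iteration. `damping` is a float (classic PageRank, one global factor)
    or a dict host -> factor (adjusted variant, one factor per destination host).
    Dangling hosts (no outgoing flows) spread their mass uniformly (assumption)."""
    n = len(nodes)
    d = {v: damping for v in nodes} if isinstance(damping, float) else dict(damping)
    rank = {v: 1.0 / n for v in nodes}
    for _ in range(iters):
        new = {v: (1.0 - d[v]) / n for v in nodes}
        for u in nodes:
            edges = out_edges.get(u, {})
            if not edges:
                for v in nodes:
                    new[v] += d[v] * rank[u] / n
                continue
            total = sum(edges.values())
            for v, w in edges.items():
                new[v] += d[v] * rank[u] * w / total
        rank = new
    return rank


def node_damping(nodes, flows, port_damping, default=0.85):
    """Per-host damping factor: packet-weighted mean of the factors assigned to the
    destination ports of the flows that target the host (assumed scheme)."""
    acc, weight = defaultdict(float), defaultdict(float)
    for _src, dst, dport, pkts in flows:
        acc[dst] += pkts * port_damping.get(dport, default)
        weight[dst] += pkts
    return {v: (acc[v] / weight[v] if weight[v] else default) for v in nodes}


def rank_hosts(flows, damping=0.85):
    """Hosts ordered from most to least central, with their scores."""
    nodes, out_edges = build_graph(flows)
    rank = pagerank(nodes, out_edges, damping)
    return sorted(rank.items(), key=lambda kv: kv[1], reverse=True)


def precision_at_k(rank, key_hosts, k):
    """Fraction of the k top-ranked hosts that are labelled key terrain."""
    top = sorted(rank, key=rank.get, reverse=True)[:k]
    return sum(1 for v in top if v in key_hosts) / k


def hill_climb(flows, key_hosts, ports, k=2, step=0.1, rounds=10):
    """Deterministic hill climbing over per-port damping factors: try +-step on each
    port in turn, keep a change only if precision@k against the labelled key hosts
    strictly improves, and stop when a full round brings no improvement."""
    nodes, out_edges = build_graph(flows)
    port_damping = {p: 0.85 for p in ports}

    def score(pd):
        adjusted = node_damping(nodes, flows, pd)
        return precision_at_k(pagerank(nodes, out_edges, adjusted), key_hosts, k)

    best = score(port_damping)
    for _ in range(rounds):
        improved = False
        for p in ports:
            for delta in (step, -step):
                cand = dict(port_damping)
                cand[p] = min(1.0, max(0.0, cand[p] + delta))
                s = score(cand)
                if s > best:
                    port_damping, best, improved = cand, s, True
        if not improved:
            break
    return port_damping, best


if __name__ == "__main__":
    for host, value in rank_hosts(FLOWS):
        print(f"{host:>10} {value:.3f}")
    learned, prec = hill_climb(FLOWS, {"10.0.0.53", "10.0.0.25"}, [53, 443, 25, 22])
    print("learned port damping:", learned, "precision@2:", prec)
```

Two practical caveats: once the damping factor varies per host, the scores no longer sum to one as in classic PageRank, so compare rankings (or precision at k) between the two variants rather than raw scores; and because the learner only ever accepts strict improvements on a small labelled set, a practitioner should hold out part of the labelled key hosts to check that the learned port factors generalise rather than overfit the training sample.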



Acknowledgement

This research was supported by ERDF project “CyberSecurity, CyberCrime and Critical Information Infrastructures Center of Excellence” (No. CZ.02.1.01/0.0/0.0/16_019/0000822).

Author information

Corresponding author

Correspondence to Lukáš Sadlek.

Copyright information

© 2024 IFIP International Federation for Information Processing

About this paper

Cite this paper

Sadlek, L., Čeleda, P. (2024). Cyber Key Terrain Identification Using Adjusted PageRank Centrality. In: Meyer, N., Grocholewska-Czuryło, A. (eds) ICT Systems Security and Privacy Protection. SEC 2023. IFIP Advances in Information and Communication Technology, vol 679. Springer, Cham. https://doi.org/10.1007/978-3-031-56326-3_21

  • DOI: https://doi.org/10.1007/978-3-031-56326-3_21

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-56325-6

  • Online ISBN: 978-3-031-56326-3