Multi-Path Attack Graph Algorithm

Salfer, Martin

doi:10.1007/978-3-658-43506-6_5

Martin Salfer²

87 Accesses

Abstract

The (Multi-Path Attack Graph Algorithm) chapter contributes an algorithm (P3Salfer) and an implementation for generating multi-path attack graphs, which are a superset of single-path attack graphs by allowing several paths toward a goal node for a more realistic risk result. Bayesian networks are also generated and inferred with an algorithm (P3Bayes) for comparison.

All roads lead to Rome

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 84.99; Price excludes VAT (USA)

Softcover Book: USD 109.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

1.
UnBBayes is an open-source framework for probabilistic models. UnBBayes has many academic contributors, registered in 2002, and is still active; see https://sourceforge.net/projects/unbbayes/.
2.
nmap is a famous network discovery and security auditing tool; see https://nmap.org/.
3.
The monotonicity property might not hold in domains and cases outside of an automotive on-board network, e.g., in the case of Advanced Persistent Threats (APTs), where game theory is necessary to model the attacker and defender behavior.
4.
libdbus is a software implementation of D-Bus (Desktop Bus), an inter-process communication mechanism made initially for desktops, e.g., KDE and GNOME. Now running in several car makes.
5.
The “attackability,” becoming successfully attacked, is not to be confused with “attack ability,” an attacker’s power.
6.
MapReduce [77] is a programming model with a split-apply-combine strategy for distributing and scaling algorithms by many independent execution units. MapReduce became famous for scaling web searches.
7.
The junction tree algorithm is applied on Bayesian networks for inferencing; see details in Section 2.5.3.2 (Inference Algorithms) on page 61.
8.
An astronomical progress in memory research and development is not to be expected as the universe appears to consist of only circa \(2^{300}\) atoms.
9.
The used JDK is version 8u131 for x86-64-bit and was released in April 2017.
10.
UnBBayes: https://sourceforge.net/projects/unbbayes/.
11.
Jayes: https://eclipse.org/recommenders/jayes/.
12.
Banjo: https://users.cs.duke.edu/~amink/software/banjo/.
13.
SMILE: http://genie.sis.pitt.edu/.
14.
JavaBayes blog post: https://dataworks-inc.com/simple-bayesian-network-inference-using-netica-and-javabayes/.
15.
The attack graphs were exported as a DOT file and fed to Graphviz for generating images of the attack graphs; see also Section 3.8.2.2 (Libraries) on page 116.
16.
Gephi: https://gephi.org/, retrieved on 2020-04-04.
17.
gexf4j: https://github.com/francesco-ficarola/gexf4j, retrieved on 2020-04-04.
18.
Graphviz: https://www.graphviz.org/, retrieved on 2020-04-04.
19.
GraphStream: https://graphstream-project.org/, retrieved on 2020-04-04.
20.
JUNG: http://jung.sourceforge.net/, retrieved on 2020-04-04.
21.
JGraphT: https://jgrapht.org/visualizations.html, retrieved on 2020-04-04.
22.
Prefuse: https://en.wikipedia.org/wiki/Prefuse, retrieved on 2020-04-04.
23.
Prefuse source code: https://github.com/prefuse/Prefuse.
24.
The newest GEXF format version is 1.2draft from 2010–12, retrieved on 2020-05-02.
25.
VisualVM details can be found in Section 3.8.2.3 (Development Tools) on page 118.
26.
The approach has been designed for and tested on development data of an actual mass-produced vehicle. Hence, an NDA (Non-Disclosure Agreement) became obligatory and prohibits the disclosure of details, even the make and model.
27.
Creating and using a generalized synthetic automotive on-board network model was also done in a similar project: EndorA [93]. Researchers designed an on-board network that is typical for a contemporary vehicle.
28.
Chain parameters: \(s_{sv} = 0.999\); \(a_{b\mu } = n * C_E (a, e)\).
29.
Mesh parameters: \(s_{sv} = 0.2\); \(a_{b\mu } = 3 * C_E (a, e)\).
30.
Multibus parameters: \(s_{sv} = 0.9\); \(a_{b\mu } = 3 * C_E (a, e)\); 25 nodes a bus.
31.
This CPU has two physical cores, a Haswell microarchitecture on 22nm, and was released in 2013.
32.
Java memory units are traditionally defined with a binary multiplier (1 024) instead of a decimal one (1 000), i.e., Xmx3G allows 3.0 GiB \(\approx \) 3.2 GB.
33.
The Java Virtual Machine is the logic that executes the Java bytecode. The JVM can also compile the bytecode to machine code.
34.
PGF/TikZ: https://github.com/pgf-tikz/pgf
35.
Princeton researchers warn of floating-point operation errors and urge using libraries; see [269] and Section 3.8.2.2.

Author information

Authors and Affiliations

München, Germany
Martin Salfer

Authors

Martin Salfer
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Martin Salfer .

Rights and permissions

Reprints and permissions

Copyright information

About this chapter

Cite this chapter

Salfer, M. (2024). Multi-Path Attack Graph Algorithm. In: Automotive Security Analyzer for Exploitability Risks. Springer Vieweg, Wiesbaden. https://doi.org/10.1007/978-3-658-43506-6_5

Download citation

DOI: https://doi.org/10.1007/978-3-658-43506-6_5
Published: 16 March 2024
Publisher Name: Springer Vieweg, Wiesbaden
Print ISBN: 978-3-658-43505-9
Online ISBN: 978-3-658-43506-6
eBook Packages: Computer Science and Engineering (German Language)

Publish with us

Policies and ethics