Mission-focused cyber situational understanding via graph analytics

This paper describes CyGraph, a prototype tool for improving network security posture, maintaining situational understanding in the face of cyberattacks, and focusing on protection of mission-critical assets. CyGraph captures complex relationships among entities in the cyber security domain, along with how mission elements depend on cyberspace assets. Pattern-matching queries traverse the graph of interrelations according to user-specified constraints, yielding focused clusters of high-risk activity from the swarm of complex interrelationships. Analytic queries are expressed in CyGraph Query Language (CyQL), a domain-specific language for expressing graph patterns of interest, which CyGraph translates to the native query language of the backend graph database. CyGraph automatically infers the structure of its underlying graph model by analyzing the ingested data, and presents that structure to the user so that queries can be composed in an intuitive way. CyGraph has been experimentally validated in both enterprise and tactical military environments.
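The following is an added toy illustration of the approach the abstract describes, not code from the CyGraph paper or project. It assumes a property graph with constructed node types (host, task, mission), constructed relationship names (CAN_EXPLOIT, DEPENDS_ON, REQUIRES), placeholder vulnerability ids rather than real CVEs, and it expresses the graph pattern directly in Python because the abstract does not give CyQL syntax. It shows the three ideas in the abstract together: inferring the graph model from ingested edges, capturing how mission elements depend on cyber assets, and a pattern query that returns only the attack paths reaching mission-critical hosts.

```python
"""Toy graph-analytic model of mission-focused attack paths (added example)."""
from collections import defaultdict, namedtuple

Edge = namedtuple("Edge", "src rel dst props")

# Constructed sample data: a DMZ web host, an application server, a
# database, an HR host, and one mission task that depends on the database.
# Node ids carry a type prefix; vulnerability ids are placeholders.
EDGES = [
    Edge("host:dmz-web", "CAN_EXPLOIT", "host:app-1", {"vuln": "VULN-1", "cvss": 9.8}),
    Edge("host:app-1", "CAN_EXPLOIT", "host:db-1", {"vuln": "VULN-2", "cvss": 7.5}),
    Edge("host:app-1", "CAN_EXPLOIT", "host:hr-1", {"vuln": "VULN-3", "cvss": 5.0}),
    Edge("host:dmz-web", "CAN_EXPLOIT", "host:hr-1", {"vuln": "VULN-3", "cvss": 5.0}),
    Edge("task:order-fulfilment", "DEPENDS_ON", "host:db-1", {}),
    Edge("mission:operations", "REQUIRES", "task:order-fulfilment", {}),
]


def node_type(node):
    """Type prefix of a node id, e.g. 'host' for 'host:db-1'."""
    return node.split(":", 1)[0]


def infer_schema(edges):
    """Infer the graph model from ingested data: for each relationship
    type, the (source type, target type) pairs that actually occur."""
    schema = defaultdict(set)
    for e in edges:
        schema[e.rel].add((node_type(e.src), node_type(e.dst)))
    return {rel: sorted(pairs) for rel, pairs in schema.items()}


def build_index(edges):
    """Adjacency lists keyed by source node (out) and target node (inc)."""
    out, inc = defaultdict(list), defaultdict(list)
    for e in edges:
        out[e.src].append(e)
        inc[e.dst].append(e)
    return out, inc


def mission_critical_hosts(edges):
    """Follow mission -REQUIRES-> task -DEPENDS_ON-> host and return
    {host: set of missions that depend on it}."""
    out, _ = build_index(edges)
    critical = defaultdict(set)
    for mission in {e.src for e in edges if e.rel == "REQUIRES"}:
        for req in out[mission]:
            if req.rel != "REQUIRES":
                continue
            for dep in out[req.dst]:
                if dep.rel == "DEPENDS_ON":
                    critical[dep.dst].add(mission)
    return critical


def attack_paths(edges, foothold, max_hops=4):
    """Pattern query, written out in Python instead of CyQL:
    (foothold)-[:CAN_EXPLOIT*1..max_hops]->(h:host)<-[:DEPENDS_ON]-(:task)<-[:REQUIRES]-(m:mission)
    Returns (hosts on path, vulns used, missions affected) for each simple path."""
    out, _ = build_index(edges)
    critical = mission_critical_hosts(edges)
    results = []

    def dfs(node, path, vulns):
        if node in critical and len(path) > 1:
            results.append((list(path), list(vulns), sorted(critical[node])))
        if len(path) - 1 >= max_hops:
            return
        for e in out[node]:
            if e.rel == "CAN_EXPLOIT" and e.dst not in path:  # simple paths only
                dfs(e.dst, path + [e.dst], vulns + [e.props["vuln"]])

    dfs(foothold, [foothold], [])
    return results


if __name__ == "__main__":
    print("inferred schema:", infer_schema(EDGES))
    for hosts, vulns, missions in attack_paths(EDGES, "host:dmz-web"):
        print(" -> ".join(hosts), "via", vulns, "threatens", missions)
```

Only the path through app-1 to db-1 is returned; the hr-1 branch is reachable but no mission depends on it, which is the "focused cluster" the abstract refers to. In the real tool the pattern would be a CyQL query translated to the backend database's query language; here the traversal is hand-coded.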
