A novel centrality measure for network-wide cyber vulnerability assessment

In this work we propose a novel formulation that models attack and compromise on a cyber network as a combination of two parts: direct compromise of a host, and compromise that occurs as the attack spreads across the network from an already compromised host. The model parameters for the nodes are a concise representation of the host profiles, which can include the risky behaviors of the associated human users, while the model parameters for the edges are based on the existence of vulnerabilities between each pair of connected hosts. The edge models relate to summary representations of the corresponding attack graphs. This results in a formulation based on Random Walk with Restart (RWR), and the resulting centrality metric can be solved for efficiently using sparse linear solvers. The formulation thus goes beyond mere topological considerations in centrality computations by summarizing the host profiles and the attack graphs into the model parameters. The computational efficiency of the method also allows us to quantify the uncertainty in the centrality measure through Monte Carlo analysis.
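The abstract gives no equations, so the following is an added sketch and not the authors' code: it uses the textbook RWR form r = (1-c)e + cPᵀr, with the restart vector e standing in for direct-compromise likelihood and row-normalized edge weights standing in for attack-graph summaries. The damping factor `c`, the host names, all weights, and the use of a sparse fixed-point iteration in place of a library sparse solver are assumptions.

```python
import random
import statistics

def rwr_centrality(edges, direct, c=0.85, tol=1e-12, max_iter=10_000):
    """Solve r = (1-c)*e + c*P^T r by sparse fixed-point iteration.

    edges:  {(src, dst): weight}, assumed exploitability of dst from src
    direct: {host: weight}, assumed likelihood of direct compromise
    """
    hosts = sorted(direct)
    total = sum(direct.values())
    e = {h: direct[h] / total for h in hosts}          # restart distribution
    out = {h: 0.0 for h in hosts}
    for (u, _), w in edges.items():
        out[u] += w
    r = dict(e)
    for _ in range(max_iter):
        # Hosts with no outgoing attack path hand their mass back to restart.
        dangling = sum(r[h] for h in hosts if out[h] == 0)
        nxt = {h: (1 - c + c * dangling) * e[h] for h in hosts}
        for (u, v), w in edges.items():
            if w > 0:
                nxt[v] += c * r[u] * w / out[u]
        if max(abs(nxt[h] - r[h]) for h in hosts) < tol:
            return nxt
        r = nxt
    return r

def monte_carlo(edges, direct, spread=0.2, runs=200, seed=7):
    """Perturb edge weights by +/- spread and return {host: (mean, stdev)}."""
    rng = random.Random(seed)
    samples = {h: [] for h in direct}
    for _ in range(runs):
        noisy = {k: w * rng.uniform(1 - spread, 1 + spread) for k, w in edges.items()}
        for h, score in rwr_centrality(noisy, direct).items():
            samples[h].append(score)
    return {h: (statistics.mean(s), statistics.pstdev(s)) for h, s in samples.items()}

# Constructed four-host network; all weights are illustrative, not measured.
DIRECT = {"workstation": 0.6, "web": 0.3, "app": 0.05, "db": 0.05}
EDGES = {("workstation", "web"): 0.2, ("workstation", "app"): 0.4,
         ("web", "app"): 0.7, ("app", "db"): 0.9}

if __name__ == "__main__":
    scores = rwr_centrality(EDGES, DIRECT)
    for host, (mean, sd) in sorted(monte_carlo(EDGES, DIRECT).items(), key=lambda kv: -kv[1][0]):
        print(f"{host:12s} point={scores[host]:.4f} mc_mean={mean:.4f} mc_sd={sd:.4f}")
```

On this constructed input the application server ranks highest even though its direct-compromise weight is the lowest, because both entry points funnel into it; that is the kind of result a purely topological or purely per-host score would not surface.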
