A Graph Data Model for Attack Graph Generation and Analysis

An attack graph is a useful tool for enumerating multi-stage, multi-host attacks in organizational networks. It helps in understanding the diverse nature of threats and in deciding on countermeasures, which requires on-the-fly implementation of custom algorithms for attack graph analysis. Existing approaches to interactive analysis of attack graphs use relational databases, which lack graph-specific data structures and operations. Graph databases enable storage of graph data and efficient querying of such data. In this paper, we present a graph data model for representing the input information for attack graph generation. We also show how graph queries can be used to generate an attack graph and facilitate its analysis.
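To make the generation-by-traversal idea concrete, here is an added example (not the paper's code or data model; the paper uses a graph database, whereas this stands in with in-memory Python structures): a constructed input graph of hosts, connectivity and hypothetical vulnerability ids, an attack graph derived from it by fixed-point traversal, and two analysis queries a defender would run, path enumeration and a hardening query for critical vulnerabilities.

```python
from collections import defaultdict

# Constructed sample input graph (hypothetical hosts and vulnerability ids).
HOSTS = {"attacker", "web", "db", "fileserver"}
CONNECTS = {("attacker", "web"), ("web", "db"), ("web", "fileserver"), ("db", "fileserver")}
# host -> vulnerability ids that give a remote attacker a foothold on that host
VULNS = {"web": {"VULN-A"}, "db": {"VULN-B"}, "fileserver": set()}

def generate_attack_graph(start, connects, vulns):
    """Return attack-graph edges (src, dst, vuln): a foothold on src plus
    connectivity to dst and a vulnerability on dst yields a foothold on dst.
    Fixed-point iteration: each newly reached host extends the frontier."""
    compromised, edges, frontier = {start}, set(), [start]
    while frontier:
        src = frontier.pop()
        for a, b in connects:
            if a != src:
                continue
            for v in vulns.get(b, ()):
                edges.add((src, b, v))
                if b not in compromised:
                    compromised.add(b)
                    frontier.append(b)
    return edges

def attack_paths(edges, start, target):
    """Analysis query: enumerate simple paths from start to target."""
    adj = defaultdict(list)
    for s, d, v in edges:
        adj[s].append((d, v))
    paths = []
    def walk(node, path, seen):
        if node == target:
            paths.append(path)
            return
        for d, v in adj[node]:
            if d not in seen:
                walk(d, path + [(node, d, v)], seen | {d})
    walk(start, [], {start})
    return paths

def critical_vulns(connects, vulns, start, target):
    """Hardening query: vulnerabilities whose removal alone leaves no path."""
    result = set()
    for v in {x for s in vulns.values() for x in s}:
        patched = {h: s - {v} for h, s in vulns.items()}
        if not attack_paths(generate_attack_graph(start, connects, patched), start, target):
            result.add(v)
    return result
```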
