A Reinforcement Learning Approach for Attack Graph Analysis

The attack graph approach is a common tool for analyzing network security. However, analyzing an attack graph can be complicated and difficult, depending on the size of the graph. This paper presents an approximate analysis approach for attack graphs based on Q-learning. First, we employ multi-host multi-stage vulnerability analysis (MulVAL) to generate an attack graph for a given network topology. Then we refine the attack graph and generate a simplified graph called a transition graph. Next, we use a Q-learning model to find possible attack routes that an attacker could use to compromise the security of the network. Finally, we evaluate the approach by applying it to a typical IT network scenario with specific services, network configurations, and vulnerabilities.
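The Q-learning step over a transition graph, sketched as an added example (not the paper's code): the graph, node names, reward values (+100 for reaching the goal, -1 per step) and hyperparameters are all constructed assumptions, and the graph is assumed acyclic so every episode terminates.

```python
import random

# Constructed transition graph (not from the paper): node -> reachable next nodes.
# Each edge stands for one step that the attack graph analysis found feasible.
TRANSITIONS = {
    "internet": ["web_server", "mail_server"],
    "web_server": ["app_server"],
    "mail_server": ["workstation"],
    "workstation": ["file_server"],
    "app_server": ["db_server"],
    "file_server": ["db_server"],
    "db_server": [],  # goal: the asset being protected
}
START, GOAL = "internet", "db_server"

def train(episodes=2000, alpha=0.5, gamma=0.9, epsilon=0.3, seed=0):
    """Tabular Q-learning; rewards (+100 goal, -1 per step) are assumptions."""
    rng = random.Random(seed)
    q = {(s, a): 0.0 for s, nxt in TRANSITIONS.items() for a in nxt}
    for _ in range(episodes):
        state = START
        while state != GOAL:
            actions = TRANSITIONS[state]
            if rng.random() < epsilon:  # explore a random edge
                action = rng.choice(actions)
            else:                       # exploit the best known edge
                action = max(actions, key=lambda a: q[(state, a)])
            reward = 100.0 if action == GOAL else -1.0
            # Best value obtainable from the next node (0 at the goal).
            future = max((q[(action, a)] for a in TRANSITIONS[action]), default=0.0)
            q[(state, action)] += alpha * (reward + gamma * future - q[(state, action)])
            state = action
    return q

def greedy_route(q):
    """Follow the highest-valued edge from START until GOAL is reached."""
    route, state = [START], START
    while state != GOAL:
        state = max(TRANSITIONS[state], key=lambda a: q[(state, a)])
        route.append(state)
    return route

if __name__ == "__main__":
    print(" -> ".join(greedy_route(train())))
```

The learned Q-values rank every edge, so the nodes on the highest-valued route are the ones whose hardening removes the cheapest path to the protected asset.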
