Ranking Attack Graphs

A majority of attacks on computer systems result from a combination of vulnerabilities exploited by an intruder to break into the system. An Attack Graph is a general formalism used to model security vulnerabilities of a system and all possible sequences of exploits which an intruder can use to achieve a specific goal. Attack Graphs can be constructed automatically using off-the-shelf model-checking tools. However, for real systems, the size and complexity of Attack Graphs greatly exceeds human ability to visualize, understand and analyze. Therefore, it is useful to identify relevant portions of an Attack Graph. To achieve this, we propose a ranking scheme for the states of an Attack Graph. Rank of a state shows its importance based on factors like the probability of an intruder reaching that state. Given a Ranked Attack Graph, the system administrator can concentrate on relevant subgraphs to figure out how to start deploying security measures. We also define a metric of security of the system based on ranks which the system administrator can use to compare Attack Graphs and determine the effectiveness of various defense measures. We present two algorithms to rank states of an Attack Graph based on the probability of an attacker reaching those states. The first algorithm is similar to the PageRank algorithm used by Google to measure importance of web pages on the World Wide Web. It is flexible enough to model a variety of situations, efficiently computable for large sized graphs and offers the possibility of approximations using graph partitioning. The second algorithm ranks individual states based on the reachability probability of an attacker in a random simulation. Finally, we give examples of an application of ranking techniques to multi-stage cyber attacks.

[1]  Sepandar D. Kamvar,et al.  An Analytical Comparison of Approaches to Personalizing PageRank , 2003 .

[2]  Bharat B. Madan,et al.  A method for modeling and quantifying the security attributes of intrusion tolerant systems , 2004, Perform. Evaluation.

[3]  Cynthia A. Phillips,et al.  A graph-based system for network-vulnerability analysis , 1998, NSPW '98.

[4]  Somesh Jha,et al.  Automated generation and analysis of attack graphs , 2002, Proceedings 2002 IEEE Symposium on Security and Privacy.

[5]  Taher H. Haveliwala,et al.  Adaptive methods for the computation of PageRank , 2004 .

[6]  Rodolphe Ortalo,et al.  Experimenting with Quantitative Evaluation Tools for Monitoring Operational Security , 1999, IEEE Trans. Software Eng..

[7]  Somesh Jha,et al.  Survivability analysis of networked systems , 2001, Proceedings of the 23rd International Conference on Software Engineering. ICSE 2001.

[8]  Sergey Brin,et al.  The Anatomy of a Large-Scale Hypertextual Web Search Engine , 1998, Comput. Networks.

[9]  John Hale,et al.  A systematic approach to multi-stage network attack analysis , 2004, Second IEEE International Information Assurance Workshop, 2004. Proceedings..

[10]  Vern Paxson,et al.  How to Own the Internet in Your Spare Time , 2002, USENIX Security Symposium.

[11]  Robert K. Brayton,et al.  Probabilistic state space search , 1999, 1999 IEEE/ACM International Conference on Computer-Aided Design. Digest of Technical Papers (Cat. No.99CH37051).

[12]  Somesh Jha,et al.  Minimization and Reliability Analyses of Attack Graphs , 2002 .

[13]  G. Golub,et al.  A Fast Two-Stage Algorithm for Computing PageRank , 2003 .

[14]  Gene H. Golub,et al.  Exploiting the Block Structure of the Web for Computing , 2003 .

[15]  Donald F. Towsley,et al.  Email worm modeling and defense , 2004, Proceedings. 13th International Conference on Computer Communications and Networks (IEEE Cat. No.04EX969).

[16]  Marc Dacier,et al.  Models and tools for quantitative assessment of operational security , 1996, SEC.

[17]  Jeannette M. Wing,et al.  Survivability analysis of networked systems , 2001, ICSE 2001.

[18]  Taher H. Haveliwala Efficient Computation of PageRank , 1999 .

[19]  Jeannette M. Wing,et al.  Tools for Generating and Analyzing Attack Graphs , 2003, FMCO.

[20]  Stephan Merz,et al.  Model Checking , 2000 .

[21]  Gene H. Golub,et al.  Extrapolation methods for accelerating PageRank computations , 2003, WWW '03.

[22]  Sushil Jajodia,et al.  Managing attack graph complexity through visual hierarchical aggregation , 2004, VizSEC/DMSEC '04.

[23]  Carl D. Meyer,et al.  Deeper Inside PageRank , 2004, Internet Math..

[24]  Somesh Jha,et al.  Two formal analyses of attack graphs , 2002, Proceedings 15th IEEE Computer Security Foundations Workshop. CSFW-15.

[25]  Franco Scarselli,et al.  Inside PageRank , 2005, TOIT.