Reasoning about Sequential Cyberattacks

Cyber adversaries employ a variety of malware and exploits to attack computer systems, usually via sequential or “chained” attacks that take advantage of vulnerability dependencies. In this paper, we introduce a formalism to model such attacks. We show that determining the set of capabilities gained by an attacker, which also translates to the extent to which the system is compromised, corresponds to the convergence of a simple fixed-point operator. We then address the problem of determining the optimal (most dangerous) strategy for a cyber-adversary with respect to this model and find it to be NP-complete. To address this complexity we use an A*-based approach with an admissible heuristic that incorporates the result of the fixed-point operator and uses memoization for greater efficiency. We provide an implementation and show, through a suite of experiments using both simulated and actual vulnerability data, that this method performs well in practice for identifying adversarial courses of action in this domain. On average, we found that our techniques decrease runtime by 82%.
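As an added illustration, not the paper's own code or formalism: a minimal capability-closure computation of the kind the abstract describes, iterating an operator over a constructed vulnerability-dependency model until it stops growing. The exploit names, capability labels and the requires/grants encoding are assumptions; the `without` helper shows how a defender can re-run the fixed point after patching one link of a chain.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, List

@dataclass(frozen=True)
class Exploit:
    """One step of a chain: enabled once all `requires` capabilities are held, then yields `grants`."""
    name: str
    requires: FrozenSet[str]
    grants: FrozenSet[str]

def apply_once(exploits: Iterable[Exploit], caps: FrozenSet[str]) -> FrozenSet[str]:
    """Single application of the operator T(C) = C ∪ {grants of every exploit enabled by C}."""
    new = set(caps)
    for e in exploits:
        if e.requires <= caps:
            new |= e.grants
    return frozenset(new)

def least_fixed_point(exploits: Iterable[Exploit], initial: Iterable[str]) -> Dict[str, int]:
    """Iterate T from the initial capabilities until T(C) == C.
    T is monotone over a finite set, so it converges in at most |capabilities| rounds.
    Returns each reachable capability with the round in which it first became available
    (the length of the shortest chain needed to obtain it)."""
    caps = frozenset(initial)
    depth = {c: 0 for c in caps}
    rnd = 0
    while True:
        nxt = apply_once(exploits, caps)
        if nxt == caps:
            return depth
        rnd += 1
        for c in nxt - caps:
            depth[c] = rnd
        caps = nxt

def without(exploits: Iterable[Exploit], *patched: str) -> List[Exploit]:
    """Model a remediation: drop the exploits whose underlying vulnerabilities were patched."""
    return [e for e in exploits if e.name not in patched]

# Constructed sample model (hypothetical hosts and privileges, not from the paper).
SAMPLE = [
    Exploit("e1", frozenset({"net:dmz"}), frozenset({"user@web"})),
    Exploit("e2", frozenset({"user@web"}), frozenset({"root@web"})),
    Exploit("e3", frozenset({"root@web", "net:dmz"}), frozenset({"net:internal"})),
    Exploit("e4", frozenset({"net:internal"}), frozenset({"user@db"})),
    Exploit("e5", frozenset({"admin@ad"}), frozenset({"root@db"})),  # precondition never met
]

if __name__ == "__main__":
    print("reachable:", least_fixed_point(SAMPLE, {"net:dmz"}))
    print("after patching e2:", least_fixed_point(without(SAMPLE, "e2"), {"net:dmz"}))
```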
