Ontology-based Attack Graph Enrichment

02/08/2022
by Kéren Saint-Hilaire, et al.

Attack graphs provide a representation of possible actions that adversaries can perpetrate to attack a system. They are used by cybersecurity experts to make decisions, e.g., to decide remediation and recovery plans. Different approaches can be used to build such graphs. We focus on logical attack graphs, based on predicate logic, to define the causality of adversarial actions. Since networks and vulnerabilities are constantly changing (e.g., new applications get installed on system devices, updated services get publicly exposed, etc.), we propose to enrich the attack graph generation approach with a semantic augmentation post-processing of the predicates. Graphs are now mapped to monitoring alerts confirming successful attack actions and updated according to network and vulnerability changes. As a result, predicates get periodically updated, based on attack evidence and ontology enrichment. This makes it possible to verify whether changes lead the attacker to the initial goals or cause further damage to the system not anticipated in the initial graphs. We illustrate the approach under the specific domain of cyber-physical security affecting smart cities. We validate the approach using existing tools and ontologies.


