An Approach to Model Network Exploitations Using Exploitation Graphs

Li, Wei; Vaughn, Rayford B.; Dandass, Yoginder S.

doi:10.1177/0037549706072046

Cited by 19 publications

(16 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Much work has already been done in analyzing network configuration data and identifying network vulnerabilities to construct attack graphs [2,6,7,8,14,15,16,19,20,21,29,30,31,32,35,37,40,41,42,44]. Attack graphs illustrate the cumulative effect of attack steps, showing how series of individual steps can potentially enable an attacker to gain privileges deep into the network.…”

Section: Introductionmentioning

confidence: 99%

Aggregating vulnerability metrics in enterprise networks using attack graphs

Homer

Zhang

et al. 2013

JCS

100

View full text Add to dashboard Cite

Quantifying security risk is an important and yet difficult task in enterprise network security management. While metrics exist for individual software vulnerabilities, there is currently no standard way of aggregating such metrics. We present a model that can be used to aggregate vulnerability metrics in an enterprise network, producing quantitative metrics that measure the likelihood breaches can occur within a given network configuration. A clear semantic model for this aggregation is an important first step toward a comprehensive network security metric model. We utilize existing work in attack graphs and apply probabilistic reasoning to produce an aggregation that has clear semantics and sound computation. We ensure that shared dependencies between attack paths have a proportional effect on the final calculation. We correctly reason over cycles, ensuring that privileges are evaluated without any self-referencing effect. We introduce additional modeling artifacts in our probabilistic graphical model to capture and account for hidden correlations among exploit steps. The paper shows that a clear semantic model for aggregation is critical in interpreting the results, calibrating the metric model, and explaining insights gained from empirical evaluation. Our approach has been rigorously evaluated using a number of network models, as well as data from production systems.

show abstract

Section: Introductionmentioning

confidence: 99%

Aggregating vulnerability metrics in enterprise networks using attack graphs

Homer

Zhang

et al. 2013

JCS

100

View full text Add to dashboard Cite

show abstract

“…For example, an employee might switch from working with his laptop in the office or at home, but anyway he is subject to the ruling of the network which allows the access to some resources just from within the office environment. To the best of our knowledge, models which represent a snapshot of a network, such as Attack Graphs [14,1,15,23,32,20,25,31,34], are unable to deal with all these dynamic aspects.…”

Section: Introductionmentioning

confidence: 99%

“…In fact, it uses the access-to-effect paradigm used by other researchers (e.g. [14,20]) which can be obtained from the NVD [24]. Modelling the input requires (i) the network configuration, (ii) vulnerabilities in COTS present in the network which can be obtained automatically from vulnerability scanning tools such as Nessus [22], and (iii) their attributes, which can be obtained from vulnerability databases such as the NVD [24].…”

Section: Introductionmentioning

confidence: 99%

Multi-step attack modelling and simulation (MsAMS) framework based on mobile ambients

Franqueira

Lopes

Eck

2009

Proceedings of the 2009 ACM Symposium on Applied Computing

View full text Add to dashboard Cite

Attackers take advantage of any security breach to penetrate an organisation perimeter and exploit hosts as stepping stones to reach valuable assets, deeper in the network. The exploitation of hosts is possible not only when vulnerabilities in commercial off-the-shelf (COTS) software components are present, but also, for example, when an attacker acquires a credential on one host which allows exploiting further hosts on the network. Finding attacks involving the latter case requires the ability to represent dynamic models. In fact, more dynamic aspects are present in the network domain such as attackers accumulate resources (i.e. credentials) along an attack, and users and assets may move from one environment to another, although always constrained by the ruling of the network. In this paper we address these dynamic issues by presenting MsAMS (Multi-step Attack Modelling and Simulation), an implemented framework, based on Mobile Ambients, to discover attacks in networks. The idea of ambients fits naturally into this domain and has the advantage of providing flexibility for modelling. Additionally, the concept of mobility allows the simulation of attackers exploiting opportunities derived either from the exploitation of vulnerable and non-vulnerable hosts, through the acquisition of credentials. It also allows expressing security policies embedded in the rules of the ambients.

show abstract

“…It uses an access-to-effect paradigm, also used by other researchers (e.g. [125]). This paradigm adopts the type of access required for the exploitation of vulnerabilities (e.g.…”

Section: Exploit-based Attack Graphsmentioning

confidence: 99%

“…Target service or host disabled with no access to host Table 5.1: Classification of vulnerabilities based on access and effect from [126] An alternative approach, also used by the Attack Graph community, relies on simplified pre-and postconditions (e.g. [126,128,125]) to compose attack steps from vulnerabilities. This approach classifies vulnerabilities always in terms of two attributes: access (or locality) and effect.…”

Section: Chapter 5 Gaining Insights About Vulnerabilities From the Nvdmentioning

confidence: 99%

finding multi-step attacks in computer networks using heuristic search and mobile ambients

Franqueira¹

View full text Add to dashboard Cite

An Approach to Model Network Exploitations Using Exploitation Graphs

Cited by 19 publications

References 18 publications

Aggregating vulnerability metrics in enterprise networks using attack graphs

Aggregating vulnerability metrics in enterprise networks using attack graphs

Multi-step attack modelling and simulation (MsAMS) framework based on mobile ambients

finding multi-step attacks in computer networks using heuristic search and mobile ambients

Contact Info

Product

Resources

About