Augmenting attack graphs to represent data link and network layer vulnerabilities

Acosta, Jaime C.; Padilla, Edgar; Homer, John

doi:10.1109/milcom.2016.7795462

Cited by 9 publications

(5 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Jilcott [72] presented a technology that automatically maps and explores the firmware/software architecture of a commodity IT device and then generates attack scenarios for the device. Acosta et al [75] augmented MulVAL to incorporate network layer misconfigurations. In particular, they presented ARP spoofing and route hijacking scenarios.…”

Section: Extension Findingsmentioning

confidence: 99%

A Survey of MulVAL Extensions and Their Attack Scenarios Coverage

et al. 2023

View full text Add to dashboard Cite

Organizations employ various adversary models to assess the risk and potential impact of attacks on their networks. A popular method of visually representing cyber risks is the attack graph. Attack graphs represent vulnerabilities and actions an attacker can take to identify and compromise an organization's assets. Attack graphs facilitate the visual presentation and algorithmic analysis of attack scenarios in the form of attack paths. MulVAL is a generic open-source framework for constructing logical attack graphs, which has been widely used by researchers and practitioners and extended by them with additional attack scenarios. This paper surveys all of the existing MulVAL extensions and maps all MulVAL interaction rules to MITRE ATT&CK Techniques to estimate their attack scenarios coverage. This survey aligns current MulVAL extensions along unified ontological concepts and highlights the existing gaps. It paves the way for the systematic improvement of MulVAL and the comprehensive modeling of the entire landscape of adversarial behaviors captured in MITRE ATT&CK.

show abstract

Section: Extension Findingsmentioning

confidence: 99%

A Survey of MulVAL Extensions and Their Attack Scenarios Coverage

et al. 2023

View full text Add to dashboard Cite

show abstract

“…Many tools, models and metrics have been deployed for scanning network vulnerabilities such Nessus [20], but they are limited because only the isolated vulnerabilities are reported while attacker can combine multiple vulnerabilities to penetrate networks. As solution, AGs have been suggested to study the interdependency between security conditions and the vulnerabilities existing in the network [18], [25], [21], [30], [1], [37]. Attack graphs provide a global view of the network in term of network connectivity it gives a detailed analysis of vulnerabilities and their dependencies.…”

Section: Related Workmentioning

confidence: 99%

A Game Theoretic approach based virtual machine migration for cloud environment security

Elmir¹,

mehdi²,

Mohamed³

et al. 2022

Int. j. commun. netw. inf. secur.

View full text Add to dashboard Cite

In cloud computing environment, static configurations can provide for the attackers an environment too easy for exploitation and discovering the network vulnerabilities in order to compromise the network and launching intrusions; while dynamic reconfiguration seeks to develop a virtual machine (VM) migration over the cloud by applying unpredictability of network configuration’s change, and thus improving the system security. In this work a novel approach that performs proactive and reactive measures to ensure a high availability and to minimize the attack surface using VM migration is proposed. This interaction between attack and defense systems was formulated as game model. As result, we have calculated the Nash equilibrium and the utilities for the both attacker and defender, evaluate the parameters which can maximize the defender’s utility when the VM migration was planned and identify the potential attack paths. Therefore, the effectiveness of the game model was validated by some numerical results that determine optimal migration strategies in order to ensure the security of the system.

show abstract

“…Acosta et al [9] extended MulVAL to represent a specific data link vulnerability through which the ARP spoofing attack can be modeled. In this study, we propose a comprehensive network model, which considers the seven layers of the OSI model, supports wireless and short-range communication protocols, and models specific industrial communication architectures.…”

Section: Related Workmentioning

confidence: 99%

“…A man-in-the-middle (MITM) attack is a scenario in which the attacker manages to pose as a relay of the communication between two hosts. We distinguish between a MITM attack in the link layer (Listing 14, lines 1-6), in which the entire communication between SrcHost and DstHost is routed through the attacker's host (AttackerHost); and a MITM attack in the end-to-end layer (Listing 14, lines [8][9][10][11][12], in which only a specific application layer protocol (represented by the P ort and P rot arguments) is routed through the attacker's host.…”

Section: Man-in-the-middle Attacksmentioning

confidence: 99%

See 1 more Smart Citation

Extending Attack Graphs to Represent Cyber-Attacks in Communication Protocols and Modern IT Networks

Stan¹,

Bitton²,

Ezrets³

et al. 2019

Preprint

View full text Add to dashboard Cite

An attack graph is a method used to enumerate the possible paths that an attacker can execute in the organization network. MulVAL is a known open-source framework used to automatically generate attack graphs. MulVAL's default modeling has two main shortcomings. First, it lacks the representation of network protocol vulnerabilities, and thus it cannot be used to model common network attacks such as ARP poisoning, DNS spoofing, and SYN flooding. Second, it does not support advanced types of communication such as wireless and bus communication, and thus it cannot be used to model cyber-attacks on networks that include IoT devices or industrial components. In this paper, we present an extended network security model for MulVAL that: (1) considers the physical network topology, (2) supports short-range communication protocols (e.g., Bluetooth), (3) models vulnerabilities in the design of network protocols, and (4) models specific industrial communication architectures. Using the proposed extensions, we were able to model multiple attack techniques including: spoofing, man-in-the-middle, and denial of service, as well as attacks on advanced types of communication.We demonstrate the proposed model on a testbed implementing a simplified network architecture comprised of both IT and industrial components.

show abstract

Augmenting attack graphs to represent data link and network layer vulnerabilities

Cited by 9 publications

References 11 publications

A Survey of MulVAL Extensions and Their Attack Scenarios Coverage

A Survey of MulVAL Extensions and Their Attack Scenarios Coverage

A Game Theoretic approach based virtual machine migration for cloud environment security

Extending Attack Graphs to Represent Cyber-Attacks in Communication Protocols and Modern IT Networks

Contact Info

Product

Resources

About