Attack Graph Analysis for Network Anti-Forensics

Rahul Chandran; Wei Q. Yan

doi:10.4018/ijdcf.2014010103

Attack Graph Analysis for Network Anti-Forensics

International Journal of Digital Crime and Forensics ◽

10.4018/ijdcf.2014010103 ◽

2014 ◽

Vol 6 (1) ◽

pp. 28-50 ◽

Cited By ~ 2

Author(s):

Rahul Chandran ◽

Wei Q. Yan

Keyword(s):

Cyber Attacks ◽

Successful Implementation ◽

Graph Analysis ◽

Test Bed ◽

Network Attacks ◽

Attack Graphs ◽

Defense Strategies ◽

Attack Graph ◽

Attack Path ◽

First Time

The development of technology in computer networks has boosted the percentage of cyber-attacks today. Hackers are now able to penetrate even the strongest IDS and firewalls. With the help of anti-forensic techniques, attackers defend themselves, from being tracked by destroying and distorting evidences. To detect and prevent network attacks, the main modus of operandi in network forensics is the successful implementation and analysis of attack graph from gathered evidences. This paper conveys the main concepts of attack graphs, requirements for modeling and implementation of graphs. It also contributes the aspect of incorporation of anti-forensic techniques in attack graph which will help in analysis of the diverse possibilities of attack path deviations and thus aids in recommendation of various defense strategies for better security. To the best of our knowledge, this is the first time network anti-forensics has been fully discussed and the attack graphs are employed to analyze the network attacks. The experimental analysis of anti-forensic techniques using attack graphs were conducted in the proposed test-bed which helped to evaluate the model proposed and suggests preventive measures for the improvement of security of the networks.

Download Full-text

An Attack Graph Based Approach for Threat Identification of an Enterprise Network

Cyber Security and Global Information Assurance ◽

10.4018/978-1-60566-326-5.ch002 ◽

2009 ◽

pp. 23-47 ◽

Cited By ~ 1

Author(s):

Somak Bhattacharya ◽

Samresh Malhotra ◽

S. K. Ghosh

Keyword(s):

Causal Relationship ◽

Risk Mitigation ◽

Automatic Assessment ◽

Enterprise Network ◽

Attack Graphs ◽

Attack Graph ◽

Attack Path ◽

Critical Resource ◽

Attack Surface ◽

The Individual

As networks continue to grow in size and complexity, automatic assessment of the security vulnerability becomes increasingly important. The typical means by which an attacker breaks into a network is through a series of exploits, where each exploit in the series satisfies the pre-condition for subsequent exploits and makes a causal relationship among them. Such a series of exploits constitutes an attack path where the set of all possible attack paths form an attack graph. Attack graphs reveal the threat by enumerating all possible sequences of exploits that can be followed to compromise a given critical resource. The contribution of this chapter is to identify the most probable attack path based on the attack surface measures of the individual hosts for a given network and also identify the minimum possible network securing options for a given attack graph in an automated fashion. The identified network securing options are exhaustive and the proposed approach aims at detecting cycles in forward reachable attack graphs. As a whole, the chapter deals with identification of probable attack path and risk mitigation which may facilitate in improving the overall security of an enterprise network.

Download Full-text

Multistage Attack Graph Security Games: Heuristic Strategies, with Empirical Game-Theoretic Analysis

Security and Communication Networks ◽

10.1155/2018/2864873 ◽

2018 ◽

Vol 2018 ◽

pp. 1-28 ◽

Cited By ~ 6

Author(s):

Thanh H. Nguyen ◽

Mason Wright ◽

Michael P. Wellman ◽

Satinder Singh

Keyword(s):

Cyber Attacks ◽

Attack Graphs ◽

Game Analysis ◽

Attack Graph ◽

Game Theoretic Analysis ◽

Security Environment ◽

Heuristic Strategies ◽

Security Games ◽

Game Theoretic ◽

Security Game

We study the problem of allocating limited security countermeasures to protect network data from cyber-attacks, for scenarios modeled by Bayesian attack graphs. We consider multistage interactions between a network administrator and cybercriminals, formulated as a security game. This formulation is capable of representing security environments with significant dynamics and uncertainty and very large strategy spaces. We propose parameterized heuristic strategies for the attacker and defender and provide detailed analysis of their time complexity. Our heuristics exploit the topological structure of attack graphs and employ sampling methods to overcome the computational complexity in predicting opponent actions. Due to the complexity of the game, we employ a simulation-based approach and perform empirical game analysis over an enumerated set of heuristic strategies. Finally, we conduct experiments in various game settings to evaluate the performance of our heuristics in defending networks, in a manner that is robust to uncertainty about the security environment.

Download Full-text

Grid Cyber-Security Strategy in an Attacker-Defender Model

Cryptography ◽

10.3390/cryptography5020012 ◽

2021 ◽

Vol 5 (2) ◽

pp. 12

Author(s):

Yu-Cheng Chen ◽

Vincent John Mooney ◽

Santiago Grijalva

Keyword(s):

Cyber Security ◽

Mathematical Proof ◽

Power Grid ◽

Cyber Attacks ◽

Security Strategy ◽

Defense Strategies ◽

Access Controls ◽

Average Probability ◽

Novel Concept ◽

First Time

The progression of cyber-attacks on the cyber-physical system is analyzed by the Probabilistic, Learning Attacker, and Dynamic Defender (PLADD) model. Although our research does apply to all cyber-physical systems, we focus on power grid infrastructure. The PLADD model evaluates the effectiveness of moving target defense (MTD) techniques. We consider the power grid attack scenarios in the AND configurations and OR configurations. In addition, we consider, for the first time ever, power grid attack scenarios involving both AND configurations and OR configurations simultaneously. Cyber-security managers can use the strategy introduced in this manuscript to optimize their defense strategies. Specifically, our research provides insight into when to reset access controls (such as passwords, internet protocol addresses, and session keys), to minimize the probability of a successful attack. Our mathematical proof for the OR configuration of multiple PLADD games shows that it is best if all access controls are reset simultaneously. For the AND configuration, our mathematical proof shows that it is best (in terms of minimizing the attacker′s average probability of success) that the resets are equally spaced apart. We introduce a novel concept called hierarchical parallel PLADD system to cover additional attack scenarios that require combinations of AND and OR configurations.

Download Full-text

Network Attack Path Selection and Evaluation Based on Q-Learning

Applied Sciences ◽

10.3390/app11010285 ◽

2020 ◽

Vol 11 (1) ◽

pp. 285

Author(s):

Runze Wu ◽

Jinxin Gong ◽

Weiyue Tong ◽

Bing Fan

Keyword(s):

Distribution System ◽

Path Selection ◽

Cyber Attacks ◽

Power Distribution System ◽

Q Learning ◽

Attack Model ◽

Cross Domain ◽

Time Operation ◽

Attack Path ◽

The Impact

As the coupling relationship between information systems and physical power grids is getting closer, various types of cyber attacks have increased the operational risks of a power cyber-physical System (CPS). In order to effectively evaluate this risk, this paper proposed a method of cross-domain propagation analysis of a power CPS risk based on reinforcement learning. First, the Fuzzy Petri Net (FPN) was used to establish an attack model, and Q-Learning was improved through FPN. The attack gain was defined from the attacker’s point of view to obtain the best attack path. On this basis, a quantitative indicator of information-physical cross-domain spreading risk was put forward to analyze the impact of cyber attacks on the real-time operation of the power grid. Finally, the simulation based on Institute of Electrical and Electronics Engineers (IEEE) 14 power distribution system verifies the effectiveness of the proposed risk assessment method.

Download Full-text

Tactical Competition Model Application in Restaurant Services Industry at Different Lifecycle Stages of Organization

Journal of Modern Competition ◽

10.37791/2687-0657-2021-15-3-5-16 ◽

2021 ◽

Vol 15 (3) ◽

pp. 5-16

Author(s):

Rimma R. Akhmedova ◽

◽

Mikhail V. Lednev ◽

◽

Keyword(s):

Life Cycle ◽

Successful Implementation ◽

Special Role ◽

Model Application ◽

Development Tactics ◽

Services Sector ◽

Stage Of Development ◽

Competitive Activity ◽

Competitive Actions ◽

First Time

In this article, for the first time, the distribution of well-known strategies and tactics of competitive actions by stages of the lifecycle according to the model of D. Miller and P. Friesen is carried out, which allows to provide a more accurate description of the competitive activity of an organization at different stages of its development. Tactics and strategy are closely related, and there is a need for their gradation in the context of the characteristics of the stages of the organization’s life cycle. This study is especially relevant in the period of the COVID-19 pandemic, where tactical models of competition play a special role in accordance with the selected strategies in the field of restaurant services. During the analysis of the activities of restaurant service establishments at different stages of the life cycle, certain patterns in the competitive actions of the organization were identified, which can be compared with the strategies and tactics of competition. The criteria for determining the stage of development of the organization, which determine the conduct of competitive processes, are given. Each stage of the organization’s life cycle is characterized: birth, development, maturity, flourishing, decline on the example of the restaurant services sector. It shows how organizations apply different strategies and tactics of competitive actions within each stage of the life cycle, as well as during the transition from one stage to another. The use of this article can help restaurant businesses by applying the developed matrix of tactical models of competition at various stages of the organization’s life cycle within the framework of a competitive strategy in the practical activities of the organization. Thus, the result of successful implementation of the strategy and tactical models is an increase in the number of potential guests, including permanent ones, and an increase in investment, production, sales and other opportunities.

Download Full-text

Using Hybrid Attack Graphs to Model and Analyze Attacks against the Critical Information Infrastructure

Critical Information Infrastructure Protection and Resilience in the ICT Sector ◽

10.4018/978-1-4666-2964-6.ch009 ◽

2013 ◽

pp. 173-197

Author(s):

Peter J. Hawrylak ◽

Chris Hartney ◽

Mauricio Papa ◽

John Hale

Keyword(s):

Smart Grid ◽

Information Infrastructure ◽

Cyber Attacks ◽

Computer Networking ◽

Attack Graphs ◽

Critical Information ◽

Best Practice Guidelines ◽

Modeling Methodology ◽

Physical Attack ◽

Networking Technologies

The Smart Grid will incorporate computer networking technologies into the electrical generation, transmission, and distribution sectors. Thus, there will be an underlying Critical Information Infrastructure (CII) based on these network connections. This CII is vulnerable to traditional cyber or computer based attacks typically geared toward disabling devices or networks. However, the Smart Grid is also vulnerable to physical attacks where sensors are tricked into reporting false conditions that cause the control system to react in an inappropriate manner. Cyber-physical attacks blending both cyber and physical attack components are also a possibility. Techniques to model cyber-attacks exist, and this chapter presents a modeling methodology, termed hybrid attack graphs, to model cyber-physical attacks. The hybrid attack graph formalism can be applied to develop best practice guidelines and security patches for the Smart Grid. This formalism can also be applied to other cyber-physical domains as well to help bridge the gap between the physical, logical, and network domains.

Download Full-text

Cooperation and Free Riding in Cyber Security Information-Sharing Programs

Cyber Security and Threats ◽

10.4018/978-1-5225-5634-3.ch018 ◽

2018 ◽

pp. 309-324 ◽

Cited By ~ 1

Author(s):

Asmeret Bier Naugle ◽

Austin Silva ◽

Munaf Aamir

Keyword(s):

Information Sharing ◽

Cyber Security ◽

Low Cost ◽

Cost Savings ◽

Free Riding ◽

Cyber Attacks ◽

Defense Strategies ◽

Shared Information ◽

Substantial Investment ◽

Human Decision

Even with substantial investment in cyber defense, the risk of harm from cyber attacks is significant for many organizations. Multi-organization information-sharing programs have the potential to improve cyber security at relatively low cost by allowing organizations that face similar threats to share information on vulnerabilities, attacks, and defense strategies. The dynamics of an information-sharing program are likely to depend heavily on interactions between human decision makers. This article describes a system dynamics model of an information-sharing program. The model incorporates decision-making strategies of managers and cyber defenders in each participating organization. The model was used to assess how free-riding behavior is likely to affect the success of a multi-organization information-sharing program. Results shows that free riding may make information sharing more volatile and less beneficial early on, but other factors, including cost savings and the perceived utility of shared information, are likely to create success later in the time horizon.

Download Full-text

Cyber Threats in Civil Aviation

Security Solutions for Hyperconnectivity and the Internet of Things - Advances in Information Security, Privacy, and Ethics ◽

10.4018/978-1-5225-0741-3.ch011 ◽

2017 ◽

pp. 272-301

Author(s):

Calvin Nobles

Keyword(s):

Cyber Attacks ◽

Civil Aviation ◽

Legacy Systems ◽

Cyber Defense ◽

Defense Strategies ◽

Effective Strategies ◽

Cyber Threats ◽

Private And Public ◽

Supply Risks

Civil aviation faces increased cybersecurity threats due to hyperconnectivity and the lack of standardized frameworks and cybersecurity defenses. Educating the civil aviation workforce is one method to enhance cyber defense against cyber-attacks. Educating the workforce will lead to initiatives and strategies to combat cyber-attacks. Private and public entities need to remain aggressive in developing cyber defense strategies to keep pace with the increasing vulnerabilities of hyperconnectivity. Areas that require immediate attention to safeguard against cybersecurity threats in civil aviation are: 1) Eliminating supply risks, 2) Upgrading legacy systems, 3) Mitigating technological aftereffects, 4) Increasing cybersecurity awareness, 5) Developing cybersecurity workforce, 6) Managing hyperconnectivity, and 7) Leveraging international entities. To safeguard civil aviation infrastructure from cybersecurity threats require assertive, coordinated, and effective strategies and capabilities to defend the network.

Download Full-text