A Predictive Framework For Cyber Security Analytics Using Attack Graphs

Abraham, Subil; Nair, Suku

doi:10.5121/ijcnc.2015.7101

Cited by 48 publications

(32 citation statements)

References 34 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Abraham et al [19] analyzed that the occurrence probability of path length can change over time with respect to the age of vulnerabilities. Ghanshyam et al [20] proposed graph distance metrics for assessing temporal changes in attack surface of dynamic networks, which can be used to identify most critical hosts in the network as per their locations.…”

Section: Related Workmentioning

confidence: 99%

“…In other words, we assign the weight of the edge based on the number of frequencies of the transition from an alert to another. For each row of P, we divide each element of the row by the sum of the rows to obtain the corresponding probability distribution in line (19). Since each cluster is independent, therefore Algorithm 2 is able to use real-time parallel processing technology to deal with each class cluster as well as the collection of transition probability matrix.…”

Section: Definition 2 a Markov Chainmentioning

confidence: 99%

See 1 more Smart Citation

Security Metric Methods for Network Multistep Attacks Using AMC and Big Data Correlation Analysis

Liu

Zhang

et al. 2018

Security and Communication Networks

View full text Add to dashboard Cite

Network security metrics allow quantitatively evaluating the overall resilience of networked systems against attacks. From this aim, security metrics are of great importance to the security-related decision-making process of enterprises. In this paper, we employ absorbing Markov chain (AMC) to estimate the network security combining with the technique of big data correlation analysis. Specifically, we construct the model of AMC using a large amount of alert data to describe the scenario of multistep attacks in the real world. In addition, we implement big data correlation analysis to generate the transition probability matrix from alert stream, which defines the probabilities of transferring from one attack action to another according to a given scenario before reaching one of some attack targets. Based on the probability reasoning, two metric algorithms are designed to estimate the attack scenario as well as the attackers, namely, the expected number of visits (ENV) and the expected success probability (ESP). The superiority is that the proposed model and algorithms assist the administrator in building new scenarios, prioritizing alerts, and ranking them.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Definition 2 a Markov Chainmentioning

confidence: 99%

Security Metric Methods for Network Multistep Attacks Using AMC and Big Data Correlation Analysis

Liu

Zhang

et al. 2018

Security and Communication Networks

View full text Add to dashboard Cite

show abstract

“…In [34,35], the authors established the cyber-security analytics framework where we have captured all the processes involved in building our security metric framework. In [36,37] the extended the model to factor in the age of the vulnerabilities that are part of the generated Attack Tree. In this paper we will extend the model further by tying together the vulnerability discovery rate of all the software systems that are part of the enterprise network and analyze how the individual exploitability metrics evolve with time.…”

Section: Predictive Cyber Security Frameworkmentioning

confidence: 99%

Exploitability analysis using predictive cybersecurity framework

Abraham¹,

Nair²

2015

2015 IEEE 2nd International Conference on Cybernetics (CYBCONF)

Self Cite

View full text Add to dashboard Cite

Managing Security is a complex process and existing research in the field of cybersecurity metrics provide limited insight into understanding the impact attacks have on the overall security goals of an enterprise. We need a new generation of metrics that can enable enterprises to react even faster in order to properly protect mission-critical systems in the midst of both undiscovered and disclosed vulnerabilities. In this paper, we propose a practical and predictive security model for exploitability analysis in a networking environment using stochastic modeling. Our model is built upon the trusted CVSS Exploitability framework and we analyze how the atomic attributes namely Access Complexity, Access Vector and Authentication that make up the exploitability score evolve over a specific time period. We formally define a nonhomogeneous Markov model which incorporates time dependent covariates, namely the vulnerability age and the vulnerability discovery rate. The daily transitionprobability matrices in our study are estimated using a combination of Frei's model & Alhazmi Malaiya's Logistic model. An exploitability analysis is conducted to show the feasibility and effectiveness of our proposed approach. Our approach enables enterprises to apply analytics using a predictive cyber security model to improve decision making and reduce risk.

show abstract

“…-Attack and defense graphs. One of the main ways of providing risk assessment is supporting the implementation of attack and defense graphs [4]. With them, the dynamic risk management systems pretend to estimate the level of risk of the assets through the definition of attack patterns to capture dynamics of a threat and stages it has to go through.…”

Section: Introductionmentioning

confidence: 99%

“…Both attack and defense graphs have captured the attention of many researchers and security experts worldwide. Yet, their notable complexity and modest scalability are still refraining their wide acceptance and deployment [4]. Next we introduce some research challenges regarding attack and defense graphs.…”

Section: Introductionmentioning

confidence: 99%

I Don’t Trust ICT: Research Challenges in Cyber Security

Mármol

Pérez

2016

IFIP Advances in Information and Communication Technology

View full text Add to dashboard Cite

Can we trust ICT (Information & Communication Technology) systems? Every single day a handful of previously unknown security vulnerabilities on these environments are published, dangerously feeding the lack of trust feeling that many end users already exhibit with respect to ICT. In order to disrupt and even invert such a perilous tendency (hindering the wide adoption of ICT and all its associated benefits), a number of research challenges in the field of cyber security need to be addressed. This paper presents some of these key challenges, offering initial thoughts on how to tackle each of them.

show abstract

A Predictive Framework For Cyber Security Analytics Using Attack Graphs

Abstract: ABSTRACT

Cited by 48 publications

References 34 publications

Security Metric Methods for Network Multistep Attacks Using AMC and Big Data Correlation Analysis

Security Metric Methods for Network Multistep Attacks Using AMC and Big Data Correlation Analysis

Exploitability analysis using predictive cybersecurity framework

I Don’t Trust ICT: Research Challenges in Cyber Security

Contact Info

Product

Resources

About