Heuristic Approach for Countermeasure Selection Using Attack Graphs

Stan, Orly; Bitton, Ron; Ezrets, Michal; Dadon, Moran; Inokuchi, Masaki; Ohta, Yoshinobu; Yagyu, Tomohiko; Elovici, Yuval; Shabtai, Asaf

doi:10.1109/csf51468.2021.00003

Cited by 19 publications

(8 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The heuristic approach of countermeasure selection described in [37] uses the attack graph generation process of MuLVAL. The concept of pre-condition and post-condition used for attack steps are reused for mitigation actions, where post-conditions are the facts getting canceled by the implemented countermeasures.…”

Section: A Detailed Study Of Countermeasure Selection Methodologiesmentioning

confidence: 99%

“…Attack graphs are also being studied extensively and employed for the purpose of optimal selection of countermeasures, e.g., in [20], [29], [35], [37]. While the objects called attack graphs in [37] are essentially the same as the attack graphs of [1], and a reduced version of the latter, called vulnerability dependency graphs in [1] is used in [35], in each of the works [20], [29], [37] attack graphs are defined differently. Furthermore, each of them having different optimization goals, the optimization methods of [20], [29], [35], [37] require different input data.…”

Section: Related Workmentioning

confidence: 99%

“…While the objects called attack graphs in [37] are essentially the same as the attack graphs of [1], and a reduced version of the latter, called vulnerability dependency graphs in [1] is used in [35], in each of the works [20], [29], [37] attack graphs are defined differently. Furthermore, each of them having different optimization goals, the optimization methods of [20], [29], [35], [37] require different input data. Together with the commonly shared assumption of the input model describing the security aspects of the system completely, this makes these methods not applicable in the case of MAL-based attack graphs.…”

Section: Related Workmentioning

confidence: 99%

“…time-to-compromise [12], path length [14], attack difficulty [24], weakest adversary security metric [27], attack resistance [40], probabilistic security metric [39] it is possible to measure security of the target assets in a network. These metrics can be further used for suggesting actions by which security of valuable assets increases [20], [23], [25], [29], [35], [37].…”

mentioning

confidence: 99%

See 3 more Smart Citations

Security Countermeasures Selection Using the Meta Attack Language and Probabilistic Attack Graphs

2022

View full text Add to dashboard Cite

Connecting critical infrastructure assets to the network is absolutely essential for modern industries. In contrast to the apparent advantages, network connectivity exposes other infrastructure vulnerabilities that can be exploited by attackers. To protect the infrastructure, precise countermeasure identification is necessary. In this regard, the objective for the security officers is to identify the optimal set of countermeasures under a variety of budgetary restrictions. Our approach is based on the Meta Attack Language framework, which allows for convenient modelling of said infrastructures, as well as for automatic generation of attack graphs describing attacks against them. We formalize the problem of the selection of countermeasures in this context. The formalization makes it possible to deal with an arbitrary number of budgets, expressing available resources of both monetary and time-like nature, and to model numerous dependencies between countermeasures, including order dependencies, mutual exclusivity, and interdependent implementation costs. We propose a flexible and scalable algorithm for the problem. The whole methodology is validated in practice on realistic models.

show abstract

Section: A Detailed Study Of Countermeasure Selection Methodologiesmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

mentioning

confidence: 99%

See 2 more Smart Citations

Security Countermeasures Selection Using the Meta Attack Language and Probabilistic Attack Graphs

2022

View full text Add to dashboard Cite

show abstract

“…Appana et al [80] proposed applying a ranking algorithm on the mission impact graph based on the MulVAL attack graph. Stan et al [85] proposed a method that expresses the risk of the system using an extended attack graph model that considers the prerequisites and consequences of exploiting a vulnerability, examines the attacker's potential lateral movements, and expresses the physical network topology as well as vulnerabilities in network protocols.…”

Section: Extension Findingsmentioning

confidence: 99%

A Survey of MulVAL Extensions and Their Attack Scenarios Coverage

et al. 2023

Self Cite

View full text Add to dashboard Cite

Organizations employ various adversary models to assess the risk and potential impact of attacks on their networks. A popular method of visually representing cyber risks is the attack graph. Attack graphs represent vulnerabilities and actions an attacker can take to identify and compromise an organization's assets. Attack graphs facilitate the visual presentation and algorithmic analysis of attack scenarios in the form of attack paths. MulVAL is a generic open-source framework for constructing logical attack graphs, which has been widely used by researchers and practitioners and extended by them with additional attack scenarios. This paper surveys all of the existing MulVAL extensions and maps all MulVAL interaction rules to MITRE ATT&CK Techniques to estimate their attack scenarios coverage. This survey aligns current MulVAL extensions along unified ontological concepts and highlights the existing gaps. It paves the way for the systematic improvement of MulVAL and the comprehensive modeling of the entire landscape of adversarial behaviors captured in MITRE ATT&CK.

show abstract