Identifying Critical Attack Assets in Dependency Attack Graphs

Sawilla, Reginald E.; Ou, Xinming

doi:10.1007/978-3-540-88313-5_2

Cited by 120 publications

(73 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Some work has been done to determine cyber asset criticality [8] [9] [10]. These approaches either view asset criticality from the prospective of the attacker or only focus on the dependency aspect of asset criticality.…”

Section: Potential Methods To Compute Asset Criticalitymentioning

confidence: 99%

“…While it provides in interesting approach, it still requires human decision makers to make a determination regarding the criticality of an asset, using the information presented to them. Sawilla et al focus on the criticality of an asset from an attacker's point of view using dependency attack graphs [10] rather than focus on the impact of the asset itself. Their approach uses a generalization of Google's PageRank algorithm [11] to calculate the importance of an asset to an attacker.…”

Section: Potential Methods To Compute Asset Criticalitymentioning

confidence: 99%

“…PageRank assesses the importance of a web page by the number of pages linking to it as well as the importance of these pages. The straightforward and intuitiveness of the algorithm has made it popular to apply in other areas such as attack paths [10] and measuring species' importance of co-extinction [24]. Very simply stated, the algorithm recursively calculates a page rank value in which for each page that links to it, the page rank value of that page is divided by the number of outgoing links from that page, and then these values are summed up [11].…”

Section: ) Google's Pagerank Algorithmmentioning

confidence: 99%

See 2 more Smart Citations

Determining Asset Criticality for Cyber Defense

Kim¹,

Kang²

2011

View full text Add to dashboard Cite

Standard Form 298 (Rev. 8-98)Prescribed by ANSI Std. Z39.18Public reporting burden for this collection of information is estimated to average 1 hour per response, including the time for reviewing instructions, searching existing data sources, gathering and maintaining the data needed, and completing and reviewing this collection of information. Send comments regarding this burden estimate or any other aspect of this collection of information, including suggestions for reducing this burden to Department of Defense, Washington Headquarters Services, Directorate for Information Operations and Reports (0704-0188), 1215 Jefferson Davis Highway, Suite 1204, Arlington, VA 22202-4302. Respondents should be aware that notwithstanding any other provision of law, no person shall be subject to any penalty for failing to comply with a collection of information if it does not display a currently valid OMB control number. PLEASE DO NOT RETURN YOUR FORM TO THE ABOVE ADDRESS.

show abstract

Section: Potential Methods To Compute Asset Criticalitymentioning

confidence: 99%

Section: Potential Methods To Compute Asset Criticalitymentioning

confidence: 99%

Section: ) Google's Pagerank Algorithmmentioning

confidence: 99%

See 1 more Smart Citation

Determining Asset Criticality for Cyber Defense

Kim¹,

Kang²

2011

View full text Add to dashboard Cite

show abstract

“…Sawilla and Ou [22] use attack graphs with a ranking method as a tool for monitor placement, explicitly invoking minimal graph cuts as a method for selecting remediation or focused monitoring. While exploring a closely related problem space to the one we consider, both works makes use of significant side information in the form of attack graphs and the result of vulnerability scans and analysis that we do not consider.…”

Section: Related Workmentioning

confidence: 99%

Defensive Resource Allocations with Security Chokepoints in IPv6 Networks

Gueye

Mell

Harang

et al. 2015

Data and Applications Security and Privacy XXIX

View full text Add to dashboard Cite

Abstract. Securely configured Internet Protocol version 6 networks can be made resistant to network scanning, forcing attackers to propagate following existing benign communication paths. We exploit this attacker limitation in a defensive approach in which heightened security measures are deployed onto a select group of chokepoint hosts to enhance detection or deter penetration. Chokepoints are chosen such that, together, they connect small isolated clusters of the communication graph. Hence, attackers attempting to propagate are limited to a small set of targets or have to penetrate one or more chokepoints. Optimal placement of chokepoints requires solving an NP-hard problem and, hence, we approximate optimal solutions via a suite of heuristics. We test our algorithms on data from a large operational network and discover that heightened security measures are only needed on 0.65% of the nodes to restrict unimpeded attacker propagation to no more than 15% of the network.

show abstract

“…Less closely related is the work on efficient generation of attack graphs [6][7][8][9][10]. These do not, however, explicitly model network router and firewall configurations to calculate the end-to-end reachability matrix, and do not focus on the problem of defining an aggregate impact metric.…”

Section: Related Workmentioning

confidence: 99%