MDC-Checker: A novel network risk assessment framework for multiple domain configurations

Bai, Wei; Pan, Zhisong; Guo, Shize; Chen, Zhe; Xia, Shiming

doi:10.1016/j.cose.2019.06.016

Cited by 3 publications

(11 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…There are four kinds of basic information to be extracted, namely Entity, Relationship, Protection, and Privilege Dependency Rule. There are seven kinds of entities, 13 kinds of relationships, three kinds of protections and 14 standard privilege dependency rules, which are listed in detail in the paper [7]. This basic information describes various details of the target network in a formal way.…”

Section: The Fast-uapr Framework Overviewmentioning

confidence: 99%

A fast user actual privilege reasoning framework based on privilege dependency graph reduction

Bai

Cheng

Wang

et al. 2023

IET Information Security

Self Cite

View full text Add to dashboard Cite

It is a key point to find out the actual privileges of network users in network security risk assessment. The Privilege dependency graph (PDG) provides an effective way to reason the actual privileges of network users from their initial privileges. The existing User Actual Privilege reasoning method is time-consuming and not suitable for large-scale networks. This paper introduces a fast User Actual Privilege reasoning framework based on PDG reduction. The core idea is to reduce the size of the graph as much as possible before the actual privilege reasoning. Three different nodes merged scenarios are proposed and discussed, as well as the influences of different execution sequences and execution times. Networks of different sizes were simulated to validate the effectiveness and scalability of their method. The experimental results show that the proposed method can decrease the time of User Actual Privilege reasoning by over 25% in large-scale networks.

show abstract

Section: The Fast-uapr Framework Overviewmentioning

confidence: 99%

A fast user actual privilege reasoning framework based on privilege dependency graph reduction

Bai

Cheng

Wang

et al. 2023

IET Information Security

Self Cite

View full text Add to dashboard Cite

show abstract

“…To address this challenge, we propose a unified semantic information description method based on KG in multiple domain cyberspace. In reference [16], cyberspace should be integrated into physical domain, information domain, network domain, social domain and other domains, so it can be seen that cyberspace has the characteristics of multiple regions.…”

Section: Unified Description Of Multiple Domain Cyberspace Semantic I...mentioning

confidence: 99%

“…The node with the highest score is the entity node that can be reasoning. Method B: Reasoning method Based on Rules (BOR) [16]. Since there is no public permissions reasoning data sets in the previous research, we adopt the rule-based reasoning method based on [16] to conduct user permissions reasoning for the training data sets and obtain the permissions that they can finally obtain.…”

Section: Baselinesmentioning

confidence: 99%

“…Method B: Reasoning method Based on Rules (BOR) [16]. Since there is no public permissions reasoning data sets in the previous research, we adopt the rule-based reasoning method based on [16] to conduct user permissions reasoning for the training data sets and obtain the permissions that they can finally obtain. Although reasoning method based on rules has its limitations, the accuracy rate and recall rate of expert rule making are both 100%.…”

Section: Baselinesmentioning

confidence: 99%

“…Although reasoning method based on rules has its limitations, the accuracy rate and recall rate of expert rule making are both 100%. As described in [16], the accuracy of its rule-based user permissions reasoning method is 100%.…”

Section: Baselinesmentioning

confidence: 99%

See 2 more Smart Citations

KGRGRL: A User's Permission Reasoning Method Based on Knowledge Graph Reward Guidance Reinforcement Learning

Zhang¹,

Liu²,

Zheng³

et al. 2022

Preprint

Self Cite

View full text Add to dashboard Cite

In general, multiple domain cyberspace security assessments can be implemented by reasoning user's permissions. However, while existing methods include some information from the physical and social domains, they do not provide a comprehensive representation of cyberspace. Existing reasoning methods are also based on expert-given rules, resulting in inefficiency and a low degree of intelligence. To address this challenge, we create a Knowledge Graph (KG) of multiple domain cyberspace in order to provide a standard semantic description of the multiple domain cyberspace. Following that, we proposed a user's permissions reasoning method based on reinforcement learning. All permissions in cyberspace are represented as nodes, and an agent is trained to find all permissions that user can have according to user's initial permissions and cyberspace KG. We set 10 reward setting rules based on the features of cyberspace KG in the reinforcement learning of reward information setting, so that the agent can better locate user's all permissions and avoid blindly finding user's permissions. The results of the experiments showed that the proposed method can successfully reason about user's permissions and increase the intelligence level of the user's permissions reasoning method. At the same time, the F1 value of the proposed method is 6% greater than that of the Translating Embedding (TransE) method.

show abstract

User's Permission Reasoning Method Based on Knowledge Graph Reward Guidance Reinforcement Learning in Data Center

Pan

et al. 2022

Communications in Computer and Information Science

View full text Add to dashboard Cite

MDC-Checker: A novel network risk assessment framework for multiple domain configurations

Cited by 3 publications

References 7 publications

A fast user actual privilege reasoning framework based on privilege dependency graph reduction

A fast user actual privilege reasoning framework based on privilege dependency graph reduction

KGRGRL: A User's Permission Reasoning Method Based on Knowledge Graph Reward Guidance Reinforcement Learning

User's Permission Reasoning Method Based on Knowledge Graph Reward Guidance Reinforcement Learning in Data Center

Contact Info

Product

Resources

About