Toward hybrid attack dependency graphs

Louthan, George; Hardwicke, Phoebe; Hawrylak, Peter J.; Hale, John

doi:10.1145/2179298.2179368

Cited by 13 publications

(11 citation statements)

References 14 publications

(13 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…While one can certainly imagine scenarios where this assumption does not hold, it is somewhat justified by the idea that an attacker is unlikely to give up privileges after obtaining them (Capobianco et al, 2019). This monotonicity idea has led to a variation on attack graphs called attack dependency graphs (Louthan et al, 2011). Attack dependency graphs use different types of nodes compared to a basic attack graph, but the encoded information is approximately equivalent if the statetransition model satisfies the monotonicity assumption.…”

Section: Attack Graphsmentioning

confidence: 99%

An Architectural Design to Address the Impact of Adaptations on Intrusion Detection Systems

Riley,

Marshall,

Quirk

et al. 2023

Proceedings of the Annual Hawaii International Conference on System Sciences

View full text Add to dashboard Cite

Many self-adaptive, autonomous systems rely on component technologies to report anomalies to planning processes that can choose adaptations. What if the analysis technologies themselves need to be adapted? We consider an intrusion detection system (IDS) supported by two component technologies that assist its decision making: a neural network that finds security anomalies and an attack graph that informs the IDS about system states of interest. The IDS purpose is to send alerts regarding security anomalies. Planning processes respond to alerts by selecting mitigation strategies. Mitigations are imposed system-wide and can result in adaptations to the analysis technology, such as the IDS. Without adaptation the IDS can become stagnate in its detection quality. In this paper, we describe an architectural design for an adaptive layer that works directly with an IDS. We examine two use cases involving different mitigation strategies and their impacts on the IDS's supporting components.

show abstract

Section: Attack Graphsmentioning

confidence: 99%

An Architectural Design to Address the Impact of Adaptations on Intrusion Detection Systems

Riley,

Marshall,

Quirk

et al. 2023

Proceedings of the Annual Hawaii International Conference on System Sciences

View full text Add to dashboard Cite

show abstract

“…The tool automates the task of creating HAGs by compiling the inputs specified and making the appropriate connections. A Hybrid Attack Dependency Graph (HADG) was presented by [33], which allowed discretization into intervals of the reachable and related ranges of the system's state variables and their evolution over the execution of attacks with duration. The HAG generation software of [33] was used by [34] to model a Cyber physical System's attack for a smart grid in which an attacker has to obtain access to a Supervisory Control and Data Acquisition (SCADA) system to cause the transformer to overheat.…”

Section: Related Workmentioning

confidence: 99%

Automatic Hybrid Attack Graph (AHAG) Generation for Complex Engineering Systems

Ibrahim

Alsheikh

2019

Processes

View full text Add to dashboard Cite

Complex Engineering Systems are subject to cyber-attacks due to inherited vulnerabilities in the underlying entities constituting them. System Resiliency is determined by its ability to return to a normal state under attacks. In order to analyze the resiliency under various attacks compromising the system, a new concept of Hybrid Attack Graph (HAG) is introduced. A HAG is a graph that captures the evolution of both logical and real values of system parameters under attack and recovery actions. The HAG is generated automatically and visualized using Java based tools. The results are illustrated through a communication network example.

show abstract

“…The HAG generation software described in [1,2] builds the HAG by matching exploit patterns to a particular system state (CPS definition). Figure 1 illustrates the generation of a HAG for an energy draining attack.…”

Section: Security Analysis With Hybrid Attack Graphsmentioning

confidence: 99%

“…The software takes two files as input: a CPS description file and an exploit file [1,2]. The CPS description file contains information about the devices in the system, network topology, the software and operating system running on each device, and a list of qualities (e.g.…”

Section: Security Analysis With Hybrid Attack Graphsmentioning

confidence: 99%

“…The physical aspect is the operating temperature of the transformer. The attack is modeled using the hybrid attack graph (HAG) framework [1,2]. The remainder of the paper is organized as follows; Section II describes HAGs and how they are used to model cyber-physical attacks; Section III presents the substation transformer cyber-physical attack example; and Section IV presents the conclusions and future work.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Using hybrid attack graphs to model cyber-physical attacks in the Smart Grid

Hawrylak

Haney

Papa

et al. 2012

2012 5th International Symposium on Resilient Control Systems

Self Cite

View full text Add to dashboard Cite

The Smart Grid is a large networked cyber-physical control system that is part of the critical infrastructure. This paper presents a cyber-physical attack against a substation where the attacker causes a transformer to overheat. The attack is modeled using a hybrid attack graph (HAG), which provides a means to model both the physical and cyber components of the attack. The HAG provides insight into potential attack vectors. Based on this information, key points in the system can be identified where security can be strengthened. Direction for future work to expand the capabilities of HAGs for modeling cyber-physical attacks is presented.

show abstract

Toward hybrid attack dependency graphs

Cited by 13 publications

References 14 publications

An Architectural Design to Address the Impact of Adaptations on Intrusion Detection Systems

An Architectural Design to Address the Impact of Adaptations on Intrusion Detection Systems

Automatic Hybrid Attack Graph (AHAG) Generation for Complex Engineering Systems

Using hybrid attack graphs to model cyber-physical attacks in the Smart Grid

Contact Info

Product

Resources

About