“…generalize this technique to generate all possible attack paths, thereby generating the entire attack graph [10]. Chinchani et al [3] present a variant of attack graphs called key-challenge graphs to represent insider attacks, and use model-checking to generate all possible insider attacks in a network. Insider attacks have been modeled at the operating system level by Probst et al [4].…”
“…Before defending against insider attacks, we need a model for reasoning about insiders. Previous work has modeled insider attacks at the network and operating system (OS) levels using higher-level formalisms such as attack graphs [3] and process calculi [4]. However, modeling application-level insider attacks requires an analysis of the application's code, as an insider has access to the application and can hence launch attacks on the application's implementation. Higher-level models are too coarse grained to enable reasoning about attacks that can be launched at the application code level.…”
“…From the user's point of view, CAGs are more intuitive than attack graphs because they closely resemble the input network topology [5]. Although originally developed for insider threat modeling, CAGs are capable of modeling vulnerability-exploited privilege escalation, similar to attack graphs.…”
“…Capability acquisition graphs (CAGs) (formerly known as key challenge graphs (KCGs)) have been proposed as a modeling technique for insider threat analysis [4,5]. From the user's point of view, CAGs are more intuitive than attack graphs because they closely resemble the input network topology [5].…”
“…This section describes capability acquisition graphs (CAGs), which were formerly known as key challenge graphs (KCGs) [5].…”
Capability acquisition graphs (CAGs) provide a powerful framework for modeling insider threats, network attacks and system vulnerabilities. However, CAG-based security modeling systems have yet to be deployed in practice. This paper demonstrates the feasibility of applying CAGs to insider threat analysis. In particular, it describes the design and operation of an information-centric, graphics-oriented tool called ICMAP. ICMAP enables an analyst without any theoretical background to apply CAGs to answer security questions about vulnerabilities and likely attack scenarios, as well as to monitor network nodes. This functionality makes the tool very useful for attack attribution and forensics.

Keywords: Insider threats, capability acquisition graphs, key challenge graphs
Introduction

A comprehensive model is required for understanding, reducing and preventing enterprise network attacks, and for identifying and combating system vulnerabilities and insider threats. Attacks on enterprise networks are often complex, involving multiple sites, multiple stages and the exploitation of various vulnerabilities. As a consequence, security analysts must consider massive amounts of information about network topology, system configurations, software vulnerabilities, and even social information. Integrating and analyzing all this information is an overwhelming task.

A security analyst has to determine how best to represent individual components and interactions when developing a model of a computing environment. Depending on the environment and task at hand, the analyst may deal with network traffic data [15]
An appropriate model of attacker behaviour is a key requirement for quantitative security evaluation. Motivated by the fact that attacker behaviour is affected by some social factors such as monetary costs and benefits rather than merely the technical aspects of the target system, we proposed an attack modelling approach based on a hierarchical and coloured extension of stochastic activity networks (HCSANs). This approach is called HCSAN-based attack modelling. By using this approach, multistage attacks can be modelled following the attack tree paradigm. Also, attacker behaviour can be modelled as a strategic decision-making process that accounts for the following factors affecting the attacker's decisions: (1) the goals of attack; (2) the cost and risk associated with available strategies; and (3) the target system's possible responses. Furthermore, we put forward an analytic solution method to measure security attributes (i.e. confidentiality, integrity and availability) and estimated two important quantitative security measures, which are the mean time to security failure and attack success probability. Additionally, we introduce a parametric sensitivity analysis method, which can be used to determine the sensitivity of the evaluated measures to different model parameters and optimize the model accordingly. Finally, we demonstrated how this approach can be used for survivability enhancement of the system using a well-known risk assessment process.