Validating and restoring defense in depth using attack graphs

Posted by / 27-Sep-2020 07:31

Citation Context ...3], attacker exploitation steps related by preconditions and postconditions [4][5], intrusion alert sequences [6][7], logical dependencies for attack goals [8][9], or host attack reachability [10][11][12]. Attack graphs have also been implemented with the relational model [13]. We show results for the attack graph tool Cauldron [14] as a baseline of comparison for our much richer model. A common theme...

Citation Context ...rity, developed by MITRE and others, known collectively as Making Security Measurable™ [15]. This includes Common Vulnerabilities and Exposures (CVE)® [16], Common Vulnerability Scoring System (CVSS) [17], Common Weakness Enumeration (CWE)™ [18], Common Platform Enumeration (CPE)™ [19], Common Attack Pattern Enumeration and Classification (CAPEC)™ [20], Cyber Observable eXpression (CybOX)™ language [2...

Citation Context ...model, including network flows, IDS/IPS alerts, anti-virus logs, operating system logs, host inventory agents, and proxy server logs. For mapping network attack relationships we leverage Apache Spark [23], which has an in-memory compute model optimized for iterative computation on Apache Hadoop [24] clusters. As input, we build a model of the network environment and events, stored in MongoDB [25]. The ...

...and actual adversary activities. Our data model incorporates standardized languages and processes for cyber security, developed by MITRE and others, known collectively as Making Security Measurable™ [15]. This includes Common Vulnerabilities and Exposures (CVE)® [16], Common Vulnerability Scoring System (CVSS) [17], Common Weakness Enumeration (CWE)™ [18], Common Platform Enumeration (CPE)™ [19], Com...

Citation Context ...[2][3], attacker exploitation steps related by preconditions and postconditions [4][5], intrusion alert sequences [6][7], logical dependencies for attack goals [8][9], or host attack reachability [10][11][12]. Attack graphs have also been implemented with the relational model [13]. We show results for the attack graph tool Cauldron [14] as a baseline of comparison for our much richer model. A common t...

Composition of vulnerabilities can be modeled using probabilistic attack graphs, which show all paths of attacks that allow incremental network penetration. Attack likelihoods are propagated through the attack graph, yielding a novel way to measure the security risk of enterprise systems. This metric for risk mitigation analysis is used to maximize the security of enterprise systems. This methodology based on probabilistic attack graphs can be used to evaluate and strengthen the overall security of enterprise networks.

Swarup, "A weakest-adversary security metric for network configuration," in Proc.

Citation Context ...[4][5], intrusion alert sequences [6][7], logical dependencies for attack goals [8][9], or host attack reachability [10][11][12]. Attack graphs have also been implemented with the relational model [13]. We show results for the attack graph tool Cauldron [14] as a baseline of comparison for our much richer model. A common theme in these kinds of approaches has been to focus on a limited set of entit...

Citation Context ...ndencies for attack goals [8][9], or host attack reachability [10][11][12]. Attack graphs have also been implemented with the relational model [13]. We show results for the attack graph tool Cauldron [14] as a baseline of comparison for our much richer model. A common theme in these kinds of approaches has been to focus on a limited set of entity types in the graph model. However, security concerns in...

Citation Context ...Neo4j Login Info Figure 1. Components for cyber attack mapping. We ingest data from various sources relevant to attacks (both potential and actual). For this, we rely primarily on the Splunk platform [22]. The ingest process maps the data to an agnostic (vendor-neutral) model using standardized language. The Cauldron tool ingests data from vulnerability scans and firewall configurations. We include ad...

Today’s information systems face sophisticated attackers who combine multiple vulnerabilities to penetrate networks with devastating impact.


The work of Sushil Jajodia was supported in part by the Army Research Office under grant numbers W911NF-13-1-0421 and W911NF-15-1-0576, by the Office of Naval Research under grant number N00014-15-1-2007, and by the National Science Foundation under grant number IIP-1266147.
