introduction attack graphs
play

Introduction Attack Graphs Model Creation Analysis of Attack - PowerPoint PPT Presentation

Nov 13, 2023 •173 likes •684 views

EVA Evolutionary Vulnerability Analyzer A Framework for Network Analysis and Risk Assessment Dr. Melissa Danforth Department of Computer Science California State University, Bakersfield Introduction Attack Graphs Model Creation

  1. EVA Evolutionary Vulnerability Analyzer A Framework for Network Analysis and Risk Assessment Dr. Melissa Danforth Department of Computer Science California State University, Bakersfield

  2. ● Introduction ● Attack Graphs – Model – Creation ● Analysis of Attack Graphs – Evolutionary Method – Modes of Analysis ● Experimental Results Dr. Melissa Danforth Department of Computer Science California State University, Bakersfield

  3. ● Problem: Vulnerability scanners limited – Only evaluates individual machines – Cannot show how vulnerabilities relate ● Example: “Foothold” situation – Attacker compromises machine A – Machine A has private communication channel with machine B – Attacker uses machine A to attack machine B Dr. Melissa Danforth Department of Computer Science California State University, Bakersfield

  4. ● Solution: Attack graphs – Visual representation of exploits paths Dr. Melissa Danforth Department of Computer Science California State University, Bakersfield

  5. ● Benefits of analyzing attack graphs – Find a set of hardening measures – Perform “what if” evaluations – Assist with network design – Guide forensics evaluation – Detect multi-stage attacks from IDS alerts Dr. Melissa Danforth Department of Computer Science California State University, Bakersfield

  6. Attack Graphs Model Dr. Melissa Danforth Department of Computer Science California State University, Bakersfield

  7. ● Nodes of the graph – Initial nodes represent the present state of the network – Interior and terminal nodes represent states the attacker has achieved ● Edges of the graph – Attacks executed by attacker – Represented visually as a diamond “node” Dr. Melissa Danforth Department of Computer Science California State University, Bakersfield

  8. ● Exploit path is sequence from initial nodes to a terminal node ● Discovers exploit paths through attack template “requires/provides” syntax – Templates have preconditions (requirements) and postconditions (consequences) – Postcondition of one attack may be a precondition for another attack – Path is sequence of such relationships Dr. Melissa Danforth Department of Computer Science California State University, Bakersfield

  9. SSH Attack Template IIS Attack Template ● Preconditions ● Preconditions – Target has SSH vuln – Target has IIS vuln – Priv source >= user – Priv source >= user – Priv target < root – Priv target < root – Source can connect – Source can connect to target on port 22 to target on port 80 ● Postcondition ● Postcondition – Attacker has priv – Attacker has priv root on target root on target Dr. Melissa Danforth Department of Computer Science California State University, Bakersfield

  10. ● Abstract exploit R2R Attack Template templates eliminate most ● Preconditions redundancy – Target has R2R vuln ● Currently models – Priv source >= user – Privilege escalation – Priv target < root – Password guessing – Source can connect – Information leaks to target on port r2r ● Postcondition – Altering firewall and router rules – Attacker has priv root on target Dr. Melissa Danforth Department of Computer Science California State University, Bakersfield

  11. Attack Graphs Generation Dr. Melissa Danforth Department of Computer Science California State University, Bakersfield

  12. ● Input data – List of vulnerabilities present on all machines – Model of firewall and router rules ● Attacker model – Assumes a single attacker for each graph – Initial privileges attacker has on all machines – Additional “attacker” machines – Can model insider and outsider scenarios Dr. Melissa Danforth Department of Computer Science California State University, Bakersfield

  13. ● Preprocessing – Convert all vulnerabilities and port numbers to abstract model – Cluster identical machines ● Must have same vulnerabilities AND connectivity ● Less work for the generator ● Generation – Use expert system to discover all possible exploit paths Dr. Melissa Danforth Department of Computer Science California State University, Bakersfield

  14. ● Outputs graph as data file and visualized graph Dr. Melissa Danforth Department of Computer Science California State University, Bakersfield

  15. ● Visual complexity can rise quickly Attack graph for network with 15 hosts: Dr. Melissa Danforth Department of Computer Science California State University, Bakersfield

  16. Analysis of Attack Graphs Evolutionary Method Dr. Melissa Danforth Department of Computer Science California State University, Bakersfield

  17. ● Goal: Prevent attacker from achieving certain resources (“goal nodes”) in graph ● Evolutionary Method – Computationally infeasible to brute force – Start with random solutions ● Solution varies with analysis mode – Use genetic algorithm to refine solutions ● Guided search of solution space – Flexible and allows multiple solutions Dr. Melissa Danforth Department of Computer Science California State University, Bakersfield

  18. ● Example: Find a set of patches – Initial solutions are random subset of patches – Applies patches to graph and sees how well the patches disconnect the goal nodes – Assign a fitness metric – Select solutions with best fitness – “Breed” them to create next generation – Repeat Dr. Melissa Danforth Department of Computer Science California State University, Bakersfield

  19. ● Assessing fitness is most CPU intensive task ● Must apply each hardening measure and cascade its effects throughout the graph ● Over 60% of the single-threaded application CPU time was spent in this function ● Switched this task to multi-threaded function – Each has its own copy of the attack graph – Memory is cheap, time is not (usually) Dr. Melissa Danforth Department of Computer Science California State University, Bakersfield

  20. Dr. Melissa Danforth Department of Computer Science California State University, Bakersfield

  21. Dr. Melissa Danforth Department of Computer Science California State University, Bakersfield

  22. Dr. Melissa Danforth Department of Computer Science California State University, Bakersfield

  23. Dr. Melissa Danforth Department of Computer Science California State University, Bakersfield

  24. Dr. Melissa Danforth Department of Computer Science California State University, Bakersfield

  25. Dr. Melissa Danforth Department of Computer Science California State University, Bakersfield

  26. Dr. Melissa Danforth Department of Computer Science California State University, Bakersfield

  27. Dr. Melissa Danforth Department of Computer Science California State University, Bakersfield

  28. ● Fitness metric measures benefit of solution and cost of solution – Affected by mode of analysis and policy ● Policy model allows defaults specified by mode to be overridden – Can override both costs and benefits for specific cases or general cases – Can have a different policy for different modes of analysis Dr. Melissa Danforth Department of Computer Science California State University, Bakersfield

  29. Analysis of Attack Graphs Modes of Analysis Dr. Melissa Danforth Department of Computer Science California State University, Bakersfield

  30. ● Find set of hardening measures – Prevent attacker from reaching resources by patching machines, applying new firewall or router rules and/or placing IDS sensors – Can also be run in “patch only” mode – Solution is a proposed set of measures – Fitness metric based on cost for measures in set and how well they disconnect the attacker from the goal nodes Dr. Melissa Danforth Department of Computer Science California State University, Bakersfield

  31. ● Strategic Planning – Assess unknown risks by asking “what if” – Affects the generation of the attack graph – Alter the vulnerability list or firewall/router rules to reflect the scenario – Generate an attack graph for the scenario – Analyze resulting graph using any other mode Dr. Melissa Danforth Department of Computer Science California State University, Bakersfield

  32. ● Network Design – Simple mode – Administrator designs several different sets of firewall and/or router rules for the network – Attack graph is generated for each design – Risk metric is calculated based on how well connected the goal nodes are to the graph – Design with lowest risk metric is selected ● Simple mode is not very interesting – Just a variation on strategic planning Dr. Melissa Danforth Department of Computer Science California State University, Bakersfield

  33. ● Network Design – Evolutionary Mode – Administrator gives a single prototype design – Evolutionary analysis seeks improvements – Solutions alter firewall/router rules or place IDS sensors – Fitness metric based on how well goal nodes are disconnected or watched – Outputs several designs that minimize both risk and cost Dr. Melissa Danforth Department of Computer Science California State University, Bakersfield

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Attack Graphs Systems and Internet Infrastructure Security (SIIS) Laboratory Page 1 Outline Attack

Attack Graphs Systems and Internet Infrastructure Security (SIIS) Laboratory Page 1 Outline Attack

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Attack Graphs Systems and Internet Infrastructure Security (SIIS)

1.06k views • 60 slides
Graphs Graphs Examples Definitions Implementation/Representation of graphs Graphs

Graphs Graphs Examples Definitions Implementation/Representation of graphs Graphs

CS171 Introduction to Computer Science II Science II Graphs Graphs Examples Definitions Implementation/Representation of graphs Graphs Graphs: set of vertices connected pairwise by edges Interesting and useful structure

346 views • 30 slides
A DEPTS : Adaptive Intrusion Response using Attack Graphs in an e-Commerce Environment Bingrui

A DEPTS : Adaptive Intrusion Response using Attack Graphs in an e-Commerce Environment Bingrui

A DEPTS : Adaptive Intrusion Response using Attack Graphs in an e-Commerce Environment Bingrui Foo, Yu-Sung Wu, Yu-Chun Mao, Saurabh Bagchi, Eugene Spafford Purdue University Dependable Computing Systems Lab (http://shay.ecn.purdue.edu/~dcsl)

608 views • 23 slides
Graphs Graphs Simple graphs Algorithms Depth-first search Breadth-first search

Graphs Graphs Simple graphs Algorithms Depth-first search Breadth-first search

CS171 Introduction to Computer Science II Graphs Graphs Simple graphs Algorithms Depth-first search Breadth-first search shortest path Connected components Directed graphs Weighted graphs Minimum spanning tree

781 views • 53 slides
Graphs-Introduction November 9, 2016 CMPE 250 Graphs-Introduction November 9, 2016 1 / 32

Graphs-Introduction November 9, 2016 CMPE 250 Graphs-Introduction November 9, 2016 1 / 32

Graphs-Introduction November 9, 2016 CMPE 250 Graphs-Introduction November 9, 2016 1 / 32 Graphs - Basic Concepts Basic definitions: vertices and edges More definitions: paths, simple paths, cycles, loops Connected and disconnected graphs

484 views • 32 slides
House of Graphs: Introduction what are interesting graphs? GraPHedron First Definition of

House of Graphs: Introduction what are interesting graphs? GraPHedron First Definition of

House of Graphs: what are interesting graphs? CSD5 House of Graphs: Introduction what are interesting graphs? GraPHedron First Definition of interesting graphs Computational G. Brinkmann 1 , K. Coolsaet 1 , results J. Goedgebeur 1 and H.

686 views • 39 slides
Examples of Obstructions to Apex Graphs, Edge-Apex Graphs, and Contraction-Apex Graphs

Examples of Obstructions to Apex Graphs, Edge-Apex Graphs, and Contraction-Apex Graphs

Examples of Obstructions to Apex Graphs, Edge-Apex Graphs, and Contraction-Apex Graphs International Workshop on Spatial Graphs Mike Pierce August 2016 University California, Riverside Contents Introduction Graph Minors Robertson and

498 views • 46 slides
CSE 421: Introduction to Algorithms Induction)* Graphs Shayan&amp;Oveis&amp;Gharan 1 Graphs

CSE 421: Introduction to Algorithms Induction)* Graphs Shayan&amp;Oveis&amp;Gharan 1 Graphs

CSE 421: Introduction to Algorithms Induction)* Graphs Shayan&amp;Oveis&amp;Gharan 1 Graphs 2 Undirected)Graphs)G=(V,E) A 2 10 3 Disconnected)graph 11 12 4 8 Multi)edges 13 B 9 Isolated)vertices 6 Self)loop 7 3

230 views • 19 slides
Attack on Traffic Systems These attack examples have happened in the past. We will take an

Attack on Traffic Systems These attack examples have happened in the past. We will take an

From start to finish how a cyber attack would be performed on traffic system, we will go over first day &gt;&gt; exploitation of the device &gt;&gt; the real-world aftermath. Mission Secure, Inc. Attack on Traffic Systems These attack examples

556 views • 18 slides
Recent Attack Technologies Neil Long OxCert Introduction Hope for audience participation!

Recent Attack Technologies Neil Long OxCert Introduction Hope for audience participation!

Recent Attack Technologies Neil Long OxCert Introduction Hope for audience participation! At least two aspects Target payloads Attack origins Future? arenas Attack Payloads Buffer overflow Format strings

535 views • 18 slides
SysML-Sec Attack Graphs: Compact Representations for Complex Attacks Institut Ludovic Apvrille

SysML-Sec Attack Graphs: Compact Representations for Complex Attacks Institut Ludovic Apvrille

SysML-Sec Attack Graphs: Compact Representations for Complex Attacks Institut Ludovic Apvrille Mines-Telecom ludovic.apvrille@telecom-paristech.fr Yves Roudier yves.roudier@eurecom.fr GraMSec2015 Context: Security for Embedded Systems

470 views • 23 slides
38: Introduction to Graphs Chris Wyatt Electrical and Computer Engineering Virginia Tech Graphs

38: Introduction to Graphs Chris Wyatt Electrical and Computer Engineering Virginia Tech Graphs

ECE 2574 Introduction to Data Structures and Algorithms 38: Introduction to Graphs Chris Wyatt Electrical and Computer Engineering Virginia Tech Graphs One can approach graphs from different perspectives 1) It is a data structure: extension

338 views • 30 slides
Protocol Attacks What is a protocol attack? How does it work? Different types of

Protocol Attacks What is a protocol attack? How does it work? Different types of

Outline : Part 1 Introduction Protocol Attacks What is a protocol attack? How does it work? Different types of protocol attack By Sushant Rewaskar Introduction: Types of attacks What is a protocol attack? Buffer overflow

518 views • 13 slides
Graphs () Graphs () Graphs Graphs Graphs are collections of nodes

Graphs () Graphs () Graphs Graphs Graphs are collections of nodes

Graphs () Graphs () Graphs Graphs Graphs are collections of nodes in which various pairs are connected by K08 line segments. The

627 views • 17 slides
ECE 242 Data Structures Lecture 28 Introduction to Graphs November 20, 2009 ECE242 L28:

ECE 242 Data Structures Lecture 28 Introduction to Graphs November 20, 2009 ECE242 L28:

ECE 242 Data Structures Lecture 28 Introduction to Graphs November 20, 2009 ECE242 L28: Introduction to Graphs Overview Problem: How do we represent irregular connections between locations? Graphs Definition Directed and

506 views • 17 slides
Graphs Graphs Definitions Implementation/Representation of graphs Search Traversing

Graphs Graphs Definitions Implementation/Representation of graphs Search Traversing

CS171 Introduction to Computer Science II Science II Graphs Graphs Definitions Implementation/Representation of graphs Search Traversing graphs Graph traversal: visit each vertex in the graph exactly once There are in

353 views • 16 slides
Lightning Talks 5/18/2017 Virginia Tech Integrated Security Destination Area 3 1 5/18/2017

Lightning Talks 5/18/2017 Virginia Tech Integrated Security Destination Area 3 1 5/18/2017

5/18/2017 Global Security in Physical and Social Environments Moderator Tim Luke University Distinguished Professor, Department of Political Science, Government and International Affairs Program, School of Public International Affairs Ov

210 views • 4 slides
Reference Manual on Scientific Evidence Second Edition Federal Judicial Center This

Reference Manual on Scientific Evidence Second Edition Federal Judicial Center This

Reference Manual on Scientific Evidence Second Edition Federal Judicial Center This Federal Judicial Center publication was undertaken in furtherance of the Centers statutory mission to develop and conduct education programs for

326 views • 7 slides
1 Course website https://creason.co/ CANVAS also updated Very important for this class -Syllabus

1 Course website https://creason.co/ CANVAS also updated Very important for this class -Syllabus

1 Course website https://creason.co/ CANVAS also updated Very important for this class -Syllabus -Assignment instructions -Sample essays, tests, and questions -Study guides 2 3 Anthropology in general studies human culture and the

418 views • 12 slides
Predictors of Non- Accidental Trauma in Children of South Carolina Melissa Maxey, MD, Juan

Predictors of Non- Accidental Trauma in Children of South Carolina Melissa Maxey, MD, Juan

Predictors of Non- Accidental Trauma in Children of South Carolina Melissa Maxey, MD, Juan Camps, MD November 12, 2015 University of South Carolina Acknowledgments Juan Camps, MD Natalie Brenders, MS III Mandy Felder Olga Rosa,

299 views • 12 slides
Specialized Topics in Ethical Forensic Practice, Part 3: Bias in Forensic Evaluations November 18,

Specialized Topics in Ethical Forensic Practice, Part 3: Bias in Forensic Evaluations November 18,

Specialized Topics in Ethical Forensic Practice, Part 3: Bias in Forensic Evaluations November 18, 2015 Ohio MHAS Forensic Conference Columbus, OH Terry Kukor, Ph.D., ABPP Board Certified in Forensic Psychology Director of Forensic Services Netcare

1.29k views • 67 slides
The place of useful learning Scotland 1 hour Glasgow Scotlands largest city

The place of useful learning Scotland 1 hour Glasgow Scotlands largest city

The place of useful learning Scotland 1 hour Glasgow Scotlands largest city Population of about 1 million people Regional hub Communications, commerce, services, education, tourism 4 universities, colleges,

445 views • 25 slides
WELCOME TO UTS:SCIENCE UTS:SCIENCE science.uts.edu.au science.uts.edu.au ACKNOWLEDGMENT OF

WELCOME TO UTS:SCIENCE UTS:SCIENCE science.uts.edu.au science.uts.edu.au ACKNOWLEDGMENT OF

Welcome to UTS:SCIENCE WELCOME TO UTS:SCIENCE UTS:SCIENCE science.uts.edu.au science.uts.edu.au ACKNOWLEDGMENT OF COUNTRY I would like to acknowledge the Gadigal People of the Eora Nation upon whose ancestral lands this Campus now stands

529 views • 28 slides
Exploring the different careers in science University of Leicester 1 st February 2012 Diana

Exploring the different careers in science University of Leicester 1 st February 2012 Diana

Exploring the different careers in science University of Leicester 1 st February 2012 Diana Garnham Chief Executive, The Science Council www.sciencecouncil.org The Science Council A membership organisation for learned societies and

525 views • 28 slides

More recommend