It Is Time To Steer: A Scalable Framework for Analysis-driven Attack Graph Generation

• URL: http://arxiv.org/abs/2312.16513v2
• Date: Mon, 9 Sep 2024 15:27:51 GMT
• Title: It Is Time To Steer: A Scalable Framework for Analysis-driven Attack Graph Generation
• Authors: Alessandro Palma, Marco Angelini,
• Abstract summary: Attack Graph (AG) represents the best-suited solution to support cyber risk assessment for multi-step attacks on computer networks. Current solutions propose to address the generation problem from the algorithmic perspective and postulate the analysis only after the generation is complete. This paper rethinks the classic AG analysis through a novel workflow in which the analyst can query the system anytime.
• Score: 50.06412862964449
• License: http://creativecommons.org/licenses/by-nc-sa/4.0/
• Abstract: Attack Graph (AG) represents the best-suited solution to support cyber risk assessment for multi-step attacks on computer networks, although their generation suffers from poor scalability due to their combinatorial complexity. Current solutions propose to address the generation problem from the algorithmic perspective and postulate the analysis only after the generation is complete, thus implying too long waiting time before enabling analysis capabilities. Additionally, they poorly capture the dynamic changes in the networks due to long generation times. To mitigate these problems, this paper rethinks the classic AG analysis through a novel workflow in which the analyst can query the system anytime, thus enabling real-time analysis before the completion of the AG generation with quantifiable statistical significance. Further, we introduce a mechanism to accelerate the generation by steering it with the analysis query. To show the capabilities of the proposed framework, we perform an extensive quantitative validation and present a realistic case study on networks of unprecedented size. It demonstrates the advantages of our approach in terms of scalability and fitting to common attack path analyses.

Related papers

• XG-NID: Dual-Modality Network Intrusion Detection using a Heterogeneous Graph Neural Network and Large Language Model [5.298018090482744]
  "XG-NID" is the first to fuse flow-level and packet-level data within a heterogeneous graph structure. XG-NID uniquely enables real-time inference while effectively capturing the intricate relationships between flow and packet payload data.
  arXiv  Detail & Related papers  (2024-08-27T01:14:34Z)
• Enhancing Cyber Security through Predictive Analytics: Real-Time Threat Detection and Response [0.0]
  The study uses a dataset from Kaggle with 2000 instances of network traffic and security events. The findings show that predictive analytics enhance the vigilance of threats and response time. This paper advocates for predictive analytics as an essential component for developing preventative cyber security strategies.
  arXiv  Detail & Related papers  (2024-07-15T16:11:34Z)
• Stability and Generalization Analysis of Gradient Methods for Shallow Neural Networks [59.142826407441106]
  We study the generalization behavior of shallow neural networks (SNNs) by leveraging the concept of algorithmic stability. We consider gradient descent (GD) and gradient descent (SGD) to train SNNs, for both of which we develop consistent excess bounds.
  arXiv  Detail & Related papers  (2022-09-19T18:48:00Z)
• Finite-Time Analysis of Asynchronous Q-learning under Diminishing Step-Size from Control-Theoretic View [3.5823366350053325]
  This paper investigates new finite-time analysis of asynchronous Q-learning under Markovian observation models. In particular, we introduce a discrete-time time-varying switching system model of Q-learning with diminishing step-sizes. The proposed analysis brings in additional insights, covers different scenarios, and provides new simplified templates for analysis.
  arXiv  Detail & Related papers  (2022-07-25T14:15:55Z)
• Revisiting PGD Attacks for Stability Analysis of Large-Scale Nonlinear Systems and Perception-Based Control [2.2725929250900947]
  We tailor the projected gradient descent (PGD) method developed in the adversarial learning community as a general-purpose ROA analysis tool. We show that the ROA analysis can be approximated as a constrained problem whose goal is to find the worst-case initial condition. We present two PGD-based iterative methods which can be used to solve the resultant constrained problem.
  arXiv  Detail & Related papers  (2022-01-03T18:46:58Z)
• A Simple and Efficient Sampling-based Algorithm for General Reachability Analysis [32.488975902387395]
  General-purpose reachability analysis remains a notoriously challenging problem with applications ranging from neural network verification to safety analysis of dynamical systems. By sampling inputs, evaluating their images in the true reachable set, and taking their $epsilon$-padded convex hull as a set estimator, this algorithm applies to general problem settings and is simple to implement. This analysis informs algorithmic design to obtain an $epsilon$-close reachable set approximation with high probability. On a neural network verification task, we show that this approach is more accurate and significantly faster than prior work.
  arXiv  Detail & Related papers  (2021-12-10T18:56:16Z)
• Meta Adversarial Perturbations [66.43754467275967]
  We show the existence of a meta adversarial perturbation (MAP) MAP causes natural images to be misclassified with high probability after being updated through only a one-step gradient ascent update. We show that these perturbations are not only image-agnostic, but also model-agnostic, as a single perturbation generalizes well across unseen data points and different neural network architectures.
  arXiv  Detail & Related papers  (2021-11-19T16:01:45Z)
• A general sample complexity analysis of vanilla policy gradient [101.16957584135767]
  Policy gradient (PG) is one of the most popular reinforcement learning (RL) problems. "vanilla" theoretical understanding of PG trajectory is one of the most popular methods for solving RL problems.
  arXiv  Detail & Related papers  (2021-07-23T19:38:17Z)
• Stochastically forced ensemble dynamic mode decomposition for forecasting and analysis of near-periodic systems [65.44033635330604]
  We introduce a novel load forecasting method in which observed dynamics are modeled as a forced linear system. We show that its use of intrinsic linear dynamics offers a number of desirable properties in terms of interpretability and parsimony. Results are presented for a test case using load data from an electrical grid.
  arXiv  Detail & Related papers  (2020-10-08T20:25:52Z)
• Graph Backdoor [53.70971502299977]
  We present GTA, the first backdoor attack on graph neural networks (GNNs) GTA departs in significant ways: it defines triggers as specific subgraphs, including both topological structures and descriptive features. It can be instantiated for both transductive (e.g., node classification) and inductive (e.g., graph classification) tasks.
  arXiv  Detail & Related papers  (2020-06-21T19:45:30Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.