Hasso-Plattner-Institut
 
    • de
 

Introduction

Attack graph (AG) has been proposed for years as an effective method to model, analyse, and evaluate the security of complicated computer systems or networks.


To construct an attack graph, the runtime information about the target system or network environment should be monitored, gathered, and later evaluated with existing descriptions of known vulnerabilities available from the public vulnerability database (VDB). The output will be visualized into a graph structure for further theoretical measurements. Information gatherer, vulnerability repository, and the reasoning engine are three important components of an attack graph constructor. This project formulates a generic framework for automatically constructing attack graphs.


The issue for representing the practically gathered system information as well as the exist-ing vulnerability information by a unified format is addressed by a central vulnerability management platform on which the knowledge transformation approach is proposed to make it possible to integrate reasoning algorithms of some other attack graph tools. An experimental prototype of an attack graph construction platform is implemented and demonstrated by several practical cases.

Related Publications

  • P. Najafi, A. Muehle, W. Puenter, F. Cheng, and Ch. Meinel, MalRank: A Measure of Maliciousness in SIEM-based Knowledge Graphs, in Proceedings of 2019 Annual Computer Security Applications Conference (ACSAC'19), ACM Press, December 9-13, 2019, San Juan, Puerto Rico (AR=60/266)
  • P. Najafi, A. Sapegin, F. Cheng, and Ch. Meinel, Guilt-by-Association: Detecting Malicious Entities via Graph Mining, in Proceedings of the 13th International Conference on Security and Privacy in Communication Networks (SecureComm'17), Springer LNICST 238, October 22-25, 2017 Niagara Falls, Canada (AR=31/105)
  • M. Ussath, F. Cheng, and Ch. Meinel, Automatic Multi-Step Signature Derivation from Taint Graphs, in Proceedings of the 7th IEEE Symposium Series on Computational Intelligence (SSCI'16) , IEEE Press, December 6-9, 2016, Athens, Greece.
  • S. Roschke, F. Cheng, and Ch. Meinel, High Quality Attack Graph based IDS Correlation, Logic Journal of the IGPL (JIGPAL), Oxford University Press, 21(4), 2013.
  • S. Roschke, F. Cheng, and Ch. Meinel, A New Correlation Algorithm based on Attack Graph, in Proceedings of the 4th International Conference on Computational Intelligence in Security for Information Systems (CISIS'11CISIS'11), Springer LNCS 6694,Torremolinos, Spain, June 8-10, 2011. (AR=38/67)
  • F. Cheng, S. Roschke, and Ch. Meinel, An Integrated Network Scanning Tool for Attack Graph Construction, in Proceedings of the 6th International Conference on Grid and Pervasive Computing (GPC'11), Springer LNCS 6646, Oulu, Finland, May 11-13, 2011. (AR=28/62)
  • S. Roschke, F. Cheng, and Ch. Meinel, Using Vulnerability Information and Attack Graphs for Intrusion Detection , in Proceedings of the 6th International Conference on Information Assurance and Security(IAS'10), IEEE Press, Atlanta, USA, August 23-25, 2010. (AR=34/131)
  • S. Roschke, F. Cheng, R. Schuppenies, and Ch. Meinel, Towards Unifying Vulnerability Information for Attack Graph Construction, in Proceedings of the 12th  Information Security Conference (ISC'09), Springer LNCS 5735, Pisa, Italy, September 7 - 9, 2009. (AR=29/105)

 

Deliverables (HPI-Internal):