Vulnet: Learning Navigation in an Attack Graph

Analysis techniques; Attack graph; Infrastructure deployments; Machine-learning; Mean errors; Performance; Reinforcement learnings; Computer Networks and Communications; Software; Safety, Risk, Reliability and Quality

Abstract :

[en] Nowadays, new flaws or vulnerabilities are frequently discovered. Analyzing how these vulnerabilities can be used by attackers to gain access to different parts of a network allows to provide better protection and defense. Amongst the diverse analysis techniques, simulations do not necessitate a full infrastructure deployment and recently benefited from advances in reinforcement learning to better mimic an attacker's behavior. However, such simulations are resource consuming. By representing the interconnected hosts of a network and their vulnerabilities as attack graphs and leveraging machine learning, our method, Vulnet, is capable to generalize knowledge generated by simulation and gives insight about attacker capabilities. It can predict instantaneously the overall performance of an attacker to compromise a system with a mean error of 0.07.

Disciplines :

Computer science

Author, co-author :

D'andrea, Enzo; Inria - LORIA, Nancy, France

FRANCOIS, Jérôme ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > SEDAN ; Inria Nancy Grand Est, France

LAHMADI, Abdelkader ; Université de Lorraine - LORIA, Nancy, France

Festor, Olivier; Université de Lorraine - LORIA, Nancy, France

External co-authors :

yes

Language :

English

Title :

Vulnet: Learning Navigation in an Attack Graph

Publication date :

2024

Event name :

2024 IEEE 10th International Conference on Network Softwarization (NetSoft) - SecSoft 2024 - 6th International Workshop on Cyber-Security in Software-defined and Virtualized Infrastructures

Event place :

Saint Louis, Usa

Event date :

24-06-2024 => 28-06-2024

Audience :

International

Main work title :

2024 IEEE 10th International Conference on Network Softwarization, NetSoft 2024

Publisher :

Institute of Electrical and Electronics Engineers Inc.

ISBN/EAN :

9798350369588

Peer reviewed :

Peer reviewed

Additional URL :

http://xplorestaging.ieee.org/ielx8/10587319/10588876/10588918.pdf?arnumber=10588918
https://hal.science/hal-04782284

FnR Project :

INTER/ANR/20/14783140/GLADIS

Name of the research project :

Graph-based Learning And Analysis For Intrusion Detection In Information Systems

Funding text :

This work has been partially supported by the French National Research Agency under the France 2030 label (Superviz ANR-22-PECY-0008). The views reflected herein do not necessarily reflect the opinion of the French government. This research was funded in part, by the Luxembourg National Research Fund (FNR), grant reference INTER/ANR/20/14783140/GLADIS.

Available on ORBilu :

since 19 December 2024

Statistics

Number of views

83 (1 by Unilu)

Number of downloads

55 (1 by Unilu)

More statistics

Scopus citations^®

Scopus citations^®
without self-citations

OpenCitations

OpenAlex citations

Bibliography

N. Poolsappasit, R. Dewri, and I. Ray, "Dynamic security risk management using bayesian attack graphs, " IEEE Transactions on Dependable and Secure Computing, vol. 9, no. 1, pp. 61-74, 2012.
J. Nyberg, P. Johnson, and A. Mehes, "Cyber threat response using reinforcement learning in graph-based attack simulations, " in IEEE/IFIP Network Operations and Management Symposium (NOMS), 2022.
M. D. R. Team., "Cyberbattlesim, " https://github.com/microsoft/cyberbattlesim, 2021, created by Christian Seifert, Michael Betser, William Blum, James Bono, Kate Farris, Emily Goren, Justin Grana, Kristian Holsheimer, Brandon Marken, Joshua Neil, Nicole Nichols, Jugal Parikh, Haoran Wei.
FIRST, "CVSS v3.1 Specification Document." [Online]. Available: https://www.first.org/cvss/specification-document
L. Maghrabi, E. Pfluegel, L. Al-Fagih, R. Graf, G. Settanni, and F. Skopik, "Improved software vulnerability patching techniques using CVSS and game theory, " in International Conference on Cyber Security And Protection Of Digital Services (Cyber Security), 2017.
B. L. Bullough, A. K. Yanchenko, C. L. Smith, and J. R. Zipkin, "Predicting Exploitation of Disclosed Software Vulnerabilities Using Open-source Data, " in International Workshop on Security And Privacy Analytics (IWSPA). ACM, 2017.
A. Feutrill, D. Ranathunga, Y. Yarom, and M. Roughan, "The Effect of Common Vulnerability Scoring System Metrics on Vulnerability Exploit Delay, " in Sixth International Symposium on Computing and Networking (CANDAR), 2018.
W. He, H. Li, and J. Li, "Unknown Vulnerability Risk Assessment Based on Directed Graph Models: A Survey, " IEEE Access, vol. 7, 2019.
R. E. Sawilla and X. Ou, "Identifying Critical Attack Assets in Dependency Attack Graphs, " in Computer Security-ESORICS 2008, S. Jajodia and J. Lopez, Eds. Springer, 2008.
X. Ou, S. Govindavajhala, and A. W. Appel, "MulVAL: A logic-based network security analyzer, " in Security Symposium. USENIX, 2005.
C. Duan, Z. Wang, H. Ding, M. Jiang, Y. Ren, and T. Wu, "A Vulnerability Assessment Method for Network System Based on Cooperative Game Theory, " in Algorithms and Architectures for Parallel Processing, ser. Lecture Notes in Computer Science. Cham: Springer International Publishing, 2020.
T. Cody, P. Beling, and L. Freeman, "Towards Continuous Cyber Testing with Reinforcement Learning for Whole Campaign Emulation, " in 2022 IEEE AUTOTESTCON, Aug. 2022, pp. 1-5.
L. Lu, R. Safavi-Naini, M. Hagenbuchner, W. Susilo, J. Horton, S. Yong, and A. Tsoi, "Ranking Attack Graphs with Graph Neural Networks, " vol. 5451, Apr. 2009, pp. 345-359.
M. Yousefi, N. Mtetwa, Y. Zhang, and H. Tianfield, "A Reinforcement Learning Approach for Attack Graph Analysis, " in 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE), 2018.
K. Rusek, J. Suarez-Varela, P. Almasan, P. Barlet-Ros, and A. Cabellos-Aparicio, "RouteNet: Leveraging Graph Neural Networks for Network Modeling and Optimization in SDN, " IEEE Journal on Selected Areas in Communications, vol. 38, no. 10, Oct. 2020.
Y. Xue, J. Guo, L. Zhang, and H. Song, "Message Passing Graph Neural Networks for Software Security Vulnerability Detection, " in International Conference on Computer Network, Electronic and Automation (ICCNEA), 2022.