Analysis techniques; Attack graph; Infrastructure deployments; Machine-learning; Mean errors; Performance; Reinforcement learnings; Computer Networks and Communications; Software; Safety, Risk, Reliability and Quality
Abstract:
Nowadays, new flaws or vulnerabilities are frequently discovered. Analyzing how these vulnerabilities can be used by attackers to gain access to different parts of a network makes it possible to provide better protection and defense. Amongst the diverse analysis techniques, simulations do not necessitate a full infrastructure deployment and have recently benefited from advances in reinforcement learning to better mimic an attacker's behavior. However, such simulations are resource-consuming. By representing the interconnected hosts of a network and their vulnerabilities as attack graphs and leveraging machine learning, our method, Vulnet, is capable of generalizing knowledge generated by simulation and gives insight into attacker capabilities. It can instantaneously predict the overall performance of an attacker in compromising a system with a mean error of 0.07.
Disciplines:
Computer science
Author, co-author:
D'andrea, Enzo; Inria - LORIA, Nancy, France
FRANCOIS, Jérôme ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > SEDAN ; Inria Nancy Grand Est, France
Festor, Olivier; Université de Lorraine - LORIA, Nancy, France
External co-authors:
yes
Document language:
English
Title:
Vulnet: Learning Navigation in an Attack Graph
Publication date:
2024
Event name:
2024 IEEE 10th International Conference on Network Softwarization (NetSoft) - SecSoft 2024 - 6th International Workshop on Cyber-Security in Software-defined and Virtualized Infrastructures
Event place:
Saint Louis, USA
Event date:
24-06-2024 => 28-06-2024
Event scope:
International
Main work title:
2024 IEEE 10th International Conference on Network Softwarization, NetSoft 2024
Publisher:
Institute of Electrical and Electronics Engineers Inc.
Graph-based Learning And Analysis For Intrusion Detection In Information Systems
Funding (details):
This work has been partially supported by the French National Research Agency under the France 2030 label (Superviz ANR-22-PECY-0008). The views reflected herein do not necessarily reflect the opinion of the French government. This research was funded in part by the Luxembourg National Research Fund (FNR), grant reference INTER/ANR/20/14783140/GLADIS.