An Attack Graph-based On-line Multi-step Attack Detector

Proceedings of the 19th International Conference on Distributed Computing and Networking Pub Date : 2018-01-04 DOI:10.1145/3154273.3154311

M. Angelini, Silvia Bonomi, Emanuele Borzi, Antonella del Pozzo, S. Lenti, G. Santucci

{"title":"An Attack Graph-based On-line Multi-step Attack Detector","authors":"M. Angelini, Silvia Bonomi, Emanuele Borzi, Antonella del Pozzo, S. Lenti, G. Santucci","doi":"10.1145/3154273.3154311","DOIUrl":null,"url":null,"abstract":"Modern distributed systems are characterized by complex deployment designed to ensure high availability through replication and diversity, to tolerate the presence of failures and to limit the possibility of successful compromising. However, software is not free from bugs that generate vulnerabilities that could be exploited by an attacker through multiple steps. This paper presents an attack-graph based multi-step attack detector aiming at detecting a possible on-going attack early enough to take proper countermeasures through; a Visualization interfaced with the described attack detector presents the security operator with the relevant pieces of information, allowing a better comprehension of the network status and providing assistance in managing attack situations (i.e., reactive analysis mode). We first propose an architecture and then we present the implementation of each building block. Finally, we provide an evaluation of the proposed approach aimed at highlighting the existing trade-off between accuracy of the detection and detection time.","PeriodicalId":276042,"journal":{"name":"Proceedings of the 19th International Conference on Distributed Computing and Networking","volume":"76 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-01-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"11","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 19th International Conference on Distributed Computing and Networking","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3154273.3154311","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 11

Abstract

Modern distributed systems are characterized by complex deployment designed to ensure high availability through replication and diversity, to tolerate the presence of failures and to limit the possibility of successful compromising. However, software is not free from bugs that generate vulnerabilities that could be exploited by an attacker through multiple steps. This paper presents an attack-graph based multi-step attack detector aiming at detecting a possible on-going attack early enough to take proper countermeasures through; a Visualization interfaced with the described attack detector presents the security operator with the relevant pieces of information, allowing a better comprehension of the network status and providing assistance in managing attack situations (i.e., reactive analysis mode). We first propose an architecture and then we present the implementation of each building block. Finally, we provide an evaluation of the proposed approach aimed at highlighting the existing trade-off between accuracy of the detection and detection time.

查看原文本刊更多论文

基于攻击图的在线多步攻击检测器

现代分布式系统的特点是复杂的部署，旨在通过复制和多样性确保高可用性，容忍故障的存在并限制成功妥协的可能性。然而，软件并非没有产生漏洞的错误，攻击者可以通过多个步骤利用这些漏洞。本文提出了一种基于攻击图的多步攻击检测器，旨在尽早发现可能正在进行的攻击，从而采取适当的应对措施;与所描述的攻击检测器接口的可视化向安全操作员提供了相关的信息片段，允许更好地理解网络状态，并在管理攻击情况(即反应分析模式)方面提供帮助。我们首先提出一个体系结构，然后给出每个构建块的实现。最后，我们对所提出的方法进行了评估，旨在突出现有的检测精度和检测时间之间的权衡。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Proceedings of the 19th International Conference on Distributed Computing and Networking

自引率

0.00%

发文量