Impact-Driven Sampling Strategies for Hybrid Attack Graphs

2022 IEEE International Symposium on Technologies for Homeland Security (HST) Pub Date : 2022-11-14 DOI:10.1109/HST56032.2022.10025439

Omer Subasi, Sumit Purohit, Arnab Bhattacharya, Samrat Chatterjee

{"title":"Impact-Driven Sampling Strategies for Hybrid Attack Graphs","authors":"Omer Subasi, Sumit Purohit, Arnab Bhattacharya, Samrat Chatterjee","doi":"10.1109/HST56032.2022.10025439","DOIUrl":null,"url":null,"abstract":"Cyber-Physical Systems (CPSs) have a large input space, with discrete and continuous elements across multiple layers. Hybrid Attack Graphs (HAGs) provide a flexible and efficient approach to generate attack sequences for a CPS. Analysis and testing of large-scale HAGs are prohibitively costly. To address scalability and analysis challenges of HAG generation, it is required to reduce the HAG size via sampling. Existing sampling techniques provide probabilistic sampling and do not consider the complete coverage of different types of vulnerabilities. Moreover, they do not consider the impact of successful attacks. In this work, we propose a sampling algorithm that is impact driven and coverage aware. In addition, we provide several sampling strategies for cyber-security experts to inquire about potential attacks. The experimental results performed on both synthetic and real-world graphs show that our sampling method reduces up to 50% of nodes and 86% edges while retaining all vulnerability types across different attack graph representations and graph generators.","PeriodicalId":162426,"journal":{"name":"2022 IEEE International Symposium on Technologies for Homeland Security (HST)","volume":"73 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-11-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 IEEE International Symposium on Technologies for Homeland Security (HST)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/HST56032.2022.10025439","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

Cyber-Physical Systems (CPSs) have a large input space, with discrete and continuous elements across multiple layers. Hybrid Attack Graphs (HAGs) provide a flexible and efficient approach to generate attack sequences for a CPS. Analysis and testing of large-scale HAGs are prohibitively costly. To address scalability and analysis challenges of HAG generation, it is required to reduce the HAG size via sampling. Existing sampling techniques provide probabilistic sampling and do not consider the complete coverage of different types of vulnerabilities. Moreover, they do not consider the impact of successful attacks. In this work, we propose a sampling algorithm that is impact driven and coverage aware. In addition, we provide several sampling strategies for cyber-security experts to inquire about potential attacks. The experimental results performed on both synthetic and real-world graphs show that our sampling method reduces up to 50% of nodes and 86% edges while retaining all vulnerability types across different attack graph representations and graph generators.

查看原文本刊更多论文

混合攻击图的影响驱动采样策略

信息物理系统(cps)具有很大的输入空间，具有跨多层的离散和连续元素。混合攻击图(HAGs)为CPS生成攻击序列提供了一种灵活高效的方法。大规模hag的分析和测试成本高得令人望而却步。为了解决HAG生成的可扩展性和分析挑战，需要通过采样来减小HAG的大小。现有的抽样技术提供了概率抽样，并且没有考虑到不同类型漏洞的完整覆盖。此外，他们没有考虑成功攻击的影响。在这项工作中，我们提出了一种影响驱动和覆盖感知的采样算法。此外，我们还提供了几种采样策略，供网络安全专家查询潜在的攻击。在合成图和真实图上进行的实验结果表明，我们的采样方法减少了多达50%的节点和86%的边，同时保留了不同攻击图表示和图生成器中的所有漏洞类型。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2022 IEEE International Symposium on Technologies for Homeland Security (HST)

自引率

0.00%

发文量