2021 IEEE Symposium on Visualization for Cyber Security (VizSec)最新文献

筛选

英文中文

SAGE: Intrusion Alert-driven Attack Graph Extractor SAGE:入侵警报驱动的攻击图提取器

2021 IEEE Symposium on Visualization for Cyber Security (VizSec) Pub Date : 2021-07-06 DOI: 10.1109/VizSec53666.2021.00009

A. Nadeem, S. Verwer, Stephen Moskal, S. Yang

{"title":"SAGE: Intrusion Alert-driven Attack Graph Extractor","authors":"A. Nadeem, S. Verwer, Stephen Moskal, S. Yang","doi":"10.1109/VizSec53666.2021.00009","DOIUrl":"https://doi.org/10.1109/VizSec53666.2021.00009","url":null,"abstract":"Attack graphs (AG) are used to assess pathways availed by cyber adversaries to penetrate a network. State-of-the-art approaches for AG generation focus mostly on deriving dependencies between system vulnerabilities based on network scans and expert knowledge. In real-world operations however, it is costly and ineffective to rely on constant vulnerability scanning and expert-crafted AGs. We propose to automatically learn AGs based on actions observed through intrusion alerts, without prior expert knowledge. Specifically, we develop an unsupervised sequence learning system, SAGE, that leverages the temporal and probabilistic dependence between alerts in a suffix-based probabilistic deterministic finite automaton (S-PDFA) – a model that accentuates infrequent severe alerts and summarizes paths leading to them. AGs are then derived from the S-PDFA on a per-objective, per-victim basis. Tested with intrusion alerts collected through Collegiate Penetration Testing Competition, SAGE compresses over 330k alerts into 93 AGs. These AGs reflect the strategies used by the participating teams. The AGs are succinct, interpretable, and capture behavioral dynamics, e.g., that attackers will often follow shorter paths to re-exploit objectives.","PeriodicalId":183519,"journal":{"name":"2021 IEEE Symposium on Visualization for Cyber Security (VizSec)","volume":"101 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-07-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116960680","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 8

首页上一页