{"title":"将证据图映射到攻击图","authors":"Changwei Liu, A. Singhal, D. Wijesekera","doi":"10.1109/WIFS.2012.6412636","DOIUrl":null,"url":null,"abstract":"Attack graphs compute potential attack paths from a system configuration and known vulnerabilities of a system. Evidence graphs model intrusion evidence and dependencies among them. In this paper, we show how to map evidence graphs to attack graphs. This mapping is useful for application of attack graphs and evidence graphs for forensic analysis. In addition to helping to refine attack graphs by using known sets of dependent attack evidence, important probabilistic information contained in evidence graphs can be used to compute or refine potential attack success probabilities obtained from repositories like CVSS. Conversely, attack graphs can be used to add missing evidence or remove irrelevant evidence trails to build a complete evidence graph. We illustrated the mapping by using a database attack as a case study.","PeriodicalId":396789,"journal":{"name":"2012 IEEE International Workshop on Information Forensics and Security (WIFS)","volume":"32 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2012-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"26","resultStr":"{\"title\":\"Mapping evidence graphs to attack graphs\",\"authors\":\"Changwei Liu, A. Singhal, D. Wijesekera\",\"doi\":\"10.1109/WIFS.2012.6412636\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Attack graphs compute potential attack paths from a system configuration and known vulnerabilities of a system. Evidence graphs model intrusion evidence and dependencies among them. In this paper, we show how to map evidence graphs to attack graphs. This mapping is useful for application of attack graphs and evidence graphs for forensic analysis. In addition to helping to refine attack graphs by using known sets of dependent attack evidence, important probabilistic information contained in evidence graphs can be used to compute or refine potential attack success probabilities obtained from repositories like CVSS. Conversely, attack graphs can be used to add missing evidence or remove irrelevant evidence trails to build a complete evidence graph. We illustrated the mapping by using a database attack as a case study.\",\"PeriodicalId\":396789,\"journal\":{\"name\":\"2012 IEEE International Workshop on Information Forensics and Security (WIFS)\",\"volume\":\"32 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2012-12-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"26\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2012 IEEE International Workshop on Information Forensics and Security (WIFS)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/WIFS.2012.6412636\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2012 IEEE International Workshop on Information Forensics and Security (WIFS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/WIFS.2012.6412636","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Attack graphs compute potential attack paths from a system configuration and known vulnerabilities of a system. Evidence graphs model intrusion evidence and dependencies among them. In this paper, we show how to map evidence graphs to attack graphs. This mapping is useful for application of attack graphs and evidence graphs for forensic analysis. In addition to helping to refine attack graphs by using known sets of dependent attack evidence, important probabilistic information contained in evidence graphs can be used to compute or refine potential attack success probabilities obtained from repositories like CVSS. Conversely, attack graphs can be used to add missing evidence or remove irrelevant evidence trails to build a complete evidence graph. We illustrated the mapping by using a database attack as a case study.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
