缓解横向移动网络攻击的基于图形的影响度量

Proceedings of the 2016 ACM Workshop on Automated Decision Making for Active Cyber Defense Pub Date : 2016-10-24 DOI:10.1145/2994475.2994476

Emilie Purvine, John R. Johnson, C. Lo

{"title":"缓解横向移动网络攻击的基于图形的影响度量","authors":"Emilie Purvine, John R. Johnson, C. Lo","doi":"10.1145/2994475.2994476","DOIUrl":null,"url":null,"abstract":"Most cyber network attacks begin with an adversary gaining a foothold within the network and proceed with lateral movement until a desired goal is achieved. The mechanism by which lateral movement occurs varies but the basic signature of hopping between hosts by exploiting vulnerabilities is the same. Because of the nature of the vulnerabilities typically exploited, lateral movement is very difficult to detect and defend against. In this paper we define a dynamic reachability graph model of the network to discover possible paths that an adversary could take using different vulnerabilities, and how those paths evolve over time. We use this reachability graph to develop dynamic machine-level and network-level impact scores. Lateral movement mitigation strategies which make use of our impact scores are also discussed, and we detail an example using a freely available data set.","PeriodicalId":343057,"journal":{"name":"Proceedings of the 2016 ACM Workshop on Automated Decision Making for Active Cyber Defense","volume":"26 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-10-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"12","resultStr":"{\"title\":\"A Graph-Based Impact Metric for Mitigating Lateral Movement Cyber Attacks\",\"authors\":\"Emilie Purvine, John R. Johnson, C. Lo\",\"doi\":\"10.1145/2994475.2994476\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Most cyber network attacks begin with an adversary gaining a foothold within the network and proceed with lateral movement until a desired goal is achieved. The mechanism by which lateral movement occurs varies but the basic signature of hopping between hosts by exploiting vulnerabilities is the same. Because of the nature of the vulnerabilities typically exploited, lateral movement is very difficult to detect and defend against. In this paper we define a dynamic reachability graph model of the network to discover possible paths that an adversary could take using different vulnerabilities, and how those paths evolve over time. We use this reachability graph to develop dynamic machine-level and network-level impact scores. Lateral movement mitigation strategies which make use of our impact scores are also discussed, and we detail an example using a freely available data set.\",\"PeriodicalId\":343057,\"journal\":{\"name\":\"Proceedings of the 2016 ACM Workshop on Automated Decision Making for Active Cyber Defense\",\"volume\":\"26 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2016-10-24\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"12\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 2016 ACM Workshop on Automated Decision Making for Active Cyber Defense\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/2994475.2994476\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 2016 ACM Workshop on Automated Decision Making for Active Cyber Defense","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2994475.2994476","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 12

摘要

大多数网络攻击都是从对手在网络中获得立足点开始的，然后进行横向移动，直到达到预期目标。横向移动发生的机制各不相同，但利用漏洞在主机之间跳跃的基本特征是相同的。由于通常被利用的漏洞的性质，横向移动非常难以检测和防御。在本文中，我们定义了网络的动态可达性图模型，以发现攻击者使用不同漏洞可能采取的路径，以及这些路径如何随时间演变。我们使用这个可达性图来开发动态的机器级和网络级影响评分。还讨论了利用我们的影响分数的横向移动缓解策略，并详细介绍了使用免费数据集的示例。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

A Graph-Based Impact Metric for Mitigating Lateral Movement Cyber Attacks

Most cyber network attacks begin with an adversary gaining a foothold within the network and proceed with lateral movement until a desired goal is achieved. The mechanism by which lateral movement occurs varies but the basic signature of hopping between hosts by exploiting vulnerabilities is the same. Because of the nature of the vulnerabilities typically exploited, lateral movement is very difficult to detect and defend against. In this paper we define a dynamic reachability graph model of the network to discover possible paths that an adversary could take using different vulnerabilities, and how those paths evolve over time. We use this reachability graph to develop dynamic machine-level and network-level impact scores. Lateral movement mitigation strategies which make use of our impact scores are also discussed, and we detail an example using a freely available data set.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Proceedings of the 2016 ACM Workshop on Automated Decision Making for Active Cyber Defense

自引率

0.00%

发文量