Reasoning about sequential cyberattacks

Vivin Paliath, Paulo Shakarian

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Cyber adversaries employ a variety of malware and exploits to attack computer systems, usually via sequential or “chained” attacks that take advantage of vulnerability dependencies. In this paper, we introduce a formalism to model such attacks. We show that the determination of the set of capabilities gained by an attacker, which also translates to the extent to which the system is compromised, corresponds with the convergence of a simple fixed-point operator. We then address the problem of determining the optimal/most-dangerous strategy for a cyber-adversary with respect to this model and find it to be an NP-Complete problem. To address this complexity we utilize an A*-based approach with an admissible heuristic that incorporates the result of the fixed-point operator and uses memoization for greater efficiency. We provide an implementation and show through a suite of experiments, using both simulated and actual vulnerability data, that this method performs well in practice for identifying adversarial courses of action in this domain. On average, we found that our techniques decrease runtime by 82%.
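The abstract's central observation is that the capabilities an attacker can accumulate through chained exploits are the least fixed point of a monotone operator: starting from an initial capability set, repeatedly add the postconditions of every exploit whose preconditions are already satisfied until nothing changes. The block below is an added illustration of that idea, not the authors' code or formalism; the exploit names, the precondition/postcondition representation and the sample data are constructed assumptions, and the NP-complete optimal-strategy search and A* heuristic from the paper are not shown. A defender-side helper at the end reuses the same closure to ask which single exploit, if patched, would keep a given capability out of reach.

```python
"""Least-fixed-point closure of attacker capabilities over exploit dependencies.

Added illustration only: the Exploit structure (a set of required capabilities
and a set of granted capabilities) and all sample data are constructed
assumptions, not the paper's formalism or its vulnerability data.
"""
from dataclasses import dataclass
from typing import FrozenSet, Iterable, List, Set, Tuple


@dataclass(frozen=True)
class Exploit:
    name: str
    requires: FrozenSet[str]  # capabilities that must already be held
    grants: FrozenSet[str]    # capabilities gained once the exploit succeeds


def capability_closure(initial: Iterable[str],
                       exploits: Iterable[Exploit]) -> Tuple[FrozenSet[str], List[str]]:
    """Iterate F(C) = C ∪ {grants(e) : requires(e) ⊆ C} until it stops changing.

    F is monotone over a finite set, so the loop terminates after at most
    len(exploits) passes. Returns the final capability set and the exploits
    that became usable, in the order they were first applied.
    """
    caps: Set[str] = set(initial)
    fired: List[str] = []
    changed = True
    while changed:
        changed = False
        for e in exploits:
            if e.name in fired or not e.requires <= caps:
                continue
            fired.append(e.name)
            new = e.grants - caps
            if new:
                caps |= new
                changed = True  # another pass may unlock further exploits
    return frozenset(caps), fired


def single_patch_blocks(initial: Iterable[str], exploits: List[Exploit],
                        target: str) -> List[str]:
    """Defender view: names of exploits whose removal (patching) alone keeps
    `target` out of the reachable capability set."""
    blockers = []
    for e in exploits:
        remaining = [x for x in exploits if x is not e]
        caps, _ = capability_closure(initial, remaining)
        if target not in caps:
            blockers.append(e.name)
    return blockers


# Constructed sample chain (hypothetical hosts ws1 and fs1; not real data).
SAMPLE_EXPLOITS = [
    Exploit("phish_workstation", frozenset({"network_access"}),
            frozenset({"user_shell@ws1"})),
    Exploit("local_privesc_ws1", frozenset({"user_shell@ws1"}),
            frozenset({"root@ws1"})),
    Exploit("dump_creds_ws1", frozenset({"root@ws1"}),
            frozenset({"domain_user_creds"})),
    Exploit("lateral_fileserver", frozenset({"domain_user_creds", "network_access"}),
            frozenset({"user_shell@fs1"})),
    # Precondition never satisfied from the starting point, so never fires.
    Exploit("db_exploit", frozenset({"dba_creds"}), frozenset({"db_data"})),
]

if __name__ == "__main__":
    caps, fired = capability_closure({"network_access"}, SAMPLE_EXPLOITS)
    print("reachable capabilities:", sorted(caps))
    print("exploit order:", fired)
    print("patches that alone block user_shell@fs1:",
          single_patch_blocks({"network_access"}, SAMPLE_EXPLOITS, "user_shell@fs1"))
```

The closure is the "extent of compromise" the abstract refers to: everything in the returned set is reachable regardless of the order the adversary chooses, while `single_patch_blocks` turns the same computation into a prioritisation aid by identifying exploits that sit on every path to a sensitive capability.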

Original language: English (US)
Title of host publication: Proceedings of the 2019 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, ASONAM 2019
Editors: Francesca Spezzano, Wei Chen, Xiaokui Xiao
Publisher: Association for Computing Machinery, Inc
Pages: 855-862
Number of pages: 8
ISBN (Electronic): 9781450368681
DOIs
State: Published - Aug 27 2019
Event: 11th IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, ASONAM 2019 - Vancouver, Canada
Duration: Aug 27 2019 to Aug 30 2019

Publication series

Name: Proceedings of the 2019 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, ASONAM 2019

Conference

Conference: 11th IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, ASONAM 2019
Country/Territory: Canada
City: Vancouver
Period: 8/27/19 to 8/30/19

Keywords

  • Adversarial reasoning
  • Cyber-attack modeling
  • Cybersecurity

ASJC Scopus subject areas

  • Communication
  • Computer Networks and Communications
  • Information Systems and Management
  • Sociology and Political Science
