Selected scientific literature on the topic "Dynamic attack graph"


Journal articles on the topic "Dynamic attack graph":

1

Jaiganesh, M., G. ShivajiRao, P. Dhivya, M. Udhayamoorthi, and A. Vincent Antony Kumar. "Intrusion Optimal Path Attack detection using ACO for Cloud Computing". E3S Web of Conferences 472 (2024): 02009. http://dx.doi.org/10.1051/e3sconf/202447202009.

Abstract:
As the cloud infrastructure is simultaneously shared by millions of consumers, heinous use of cloud resources is also increasing. It makes way for attackers to set up attacks by exploiting the vulnerabilities. And obviously, these attacks are leading to severe disasters as innocent consumers are unknowingly sharing cloud resources with harmful attackers. To prevent the occurrence of cloud attacks, an attack graph based framework is proposed in this paper. Here, an attack path sketches an attack scenario by a streak of threats ranging in severity rating that shows how popular a particular cloud network service is in comparison. In a dynamic cloud environment, the proposed framework can disclose an optimal attack path, thereby preventing cloud attacks. In a cloud system the infrastructure is shared by potentially millions of users, which benefits the attackers to exploit vulnerabilities of the cloud. An instrument for analyzing multi-stage, multi-host assault scenarios in networks is the attack graph. It might not be possible for the administrator to patch every vulnerability in a large number of assault paths in an attack graph. The administrator might not be able to fix every vulnerability. To identify the most preferred or ideal assault path from a particular attack graph in a setting, the Ant Colony Optimization (ACO) algorithm is used.
2

Pal, Arunangshu, and Prasenjit Choudhury. "Mitigating Black Hole Attacks in AODV Routing Protocol Using Dynamic Graph". Mapana - Journal of Sciences 11, no. 4 (22 August 2012): 65–76. http://dx.doi.org/10.12723/mjs.23.5.

Abstract:
With the advancement of wireless technologies, Mobile Ad hoc NETwork (MANET) has been an important field of study. MANETs find useful applications in the real world, for example in military battlefield and disaster management. Since MANET is dynamic in nature, it must be represented by dynamic graph. Evolving graph, a form of dynamic graph, may be used for the purpose. When we talk about a network, a routing protocol comes into the question, and one of the most popular routing protocols is AODV. However, since AODV suffers from a drawback that it may be a victim of black hole attack, we need to find a technique to eliminate the possibility of the phenomenon. This paper makes a study of MANET and an efficient way of representing MANET by dynamic graph. It explains the AODV routing technique and the black hole attack. It then extends the idea of dynamic graph to propose a technique to solve the problem of black hole attack in AODV.
3

Sæther, Sigve Hortemo, Jan Arne Telle, and Martin Vatshelle. "Solving #SAT and MAXSAT by Dynamic Programming". Journal of Artificial Intelligence Research 54 (9 September 2015): 59–82. http://dx.doi.org/10.1613/jair.4831.

Abstract:
We look at dynamic programming algorithms for propositional model counting, also called #SAT, and MaxSAT. Tools from graph structure theory, in particular treewidth, have been used to successfully identify tractable cases in many subfields of AI, including SAT, Constraint Satisfaction Problems (CSP), Bayesian reasoning, and planning. In this paper we attack #SAT and MaxSAT using similar, but more modern, graph structure tools. The tractable cases will include formulas whose class of incidence graphs have not only unbounded treewidth but also unbounded clique-width. We show that our algorithms extend all previous results for MaxSAT and #SAT achieved by dynamic programming along structural decompositions of the incidence graph of the input formula. We present some limited experimental results, comparing implementations of our algorithms to state-of-the-art #SAT and MaxSAT solvers, as a proof of concept that warrants further research.
4

Rajeshwari, T., and C. Thangamani. "Attack Impact Discovery and Recovery with Dynamic Bayesian Networks". Asian Journal of Computer Science and Technology 8, S1 (5 February 2019): 74–79. http://dx.doi.org/10.51983/ajcst-2019.8.s1.1953.

Abstract:
The network attacks are discovered using the Intrusion Detection Systems (IDS). Anomaly, signature and compound attack detection schemes are employed to fetch malicious data traffic activities. The attack impact analysis operations are carried out to discover the malicious objects in the network. The system objects are contaminated with process injection or hijacking. The attack ramification model discovers the contaminated objects. The dependency networks are built to model the information flow over the objects in the network. The dependency network is a directed graph built to indicate the data communication over the objects. The attack ramification models are designed with intrusion root information. The attack ramifications are applied to identify the malicious objects and contaminated objects. The attack ramifications are discovered with the information flows from the attack sources. The Attack Ramification with Bayesian Network (ARBN) scheme discovers the attack impact without the knowledge of the intrusion root. The probabilistic reasoning approach is employed to analyze the object state for ramification process. The objects lifetime is divided into temporal slices to verify the object state changes. The system call traces and object slices are correlated to construct the Temporal Dependency Network (TDN). The Bayesian Network (BN) is constructed with the uncertain data communication activities extracted from the TDN. The attack impact is fetched with loopy belief propagation on the BN model. The network security system is built with attack impact analysis and recovery operations. Live traffic data analysis process is carried out with improved temporal slicing concepts. Attack Ramification and Recovery with Dynamic Bayesian Network (ARRDBN) is built to support attack impact analysis and recovery tasks. The unsupervised attack handling mechanism automatically discovers the feasible solution for the associated attacks.
5

Hu, Chenao, and Xuefeng Yan. "Dynamic Trilateral Game Model for Attack Graph Security Game". IOP Conference Series: Materials Science and Engineering 790 (7 April 2020): 012112. http://dx.doi.org/10.1088/1757-899x/790/1/012112.

6

Lv, Huiying, Yuan Zhang, and Jie Wang. "Network Threat Identification and Analysis Based on a State Transition Graph". Cybernetics and Information Technologies 13, Special-Issue (1 December 2013): 51–61. http://dx.doi.org/10.2478/cait-2013-0037.

Abstract:
With the rapid popularity of Internet and information technology, local area network is becoming insecure. Along with the improving advantages, security threats are emerging continually and bringing great pressure and challenges. An identification and analysis method for network real-time threats is proposed to accurately assess and master the current network security situation, and thereby preferably guide a dynamic defense. This method recognizes the current threats and predicts the subsequent threats by modeling attack scenarios and simulating attack state transferring. The threat identification model is called Attack State Transition Graph and Real-Time Attack State Graph, which is constructed by an Expanded Finite-State Automata. Based on the former possible threat paths, the state transitions can be illustrated and based on the latter, actually successful threats and threat paths are described. Then a threat identification algorithm is presented based on the above model. With this algorithm, various invalid threats are filtered; current valid threats are obtained by correlating the dynamic alarms with a static attack scenario. Further on, combining the Attack State Transition Graph with a Real-Time Attack State Graph, a possible next threat and a threat path can be identified and an attack target can also be predicted. Finally, the simulated results in an experimental network verify the feasibility and validity of the model and algorithm. This method provides a novel solution to evaluate and analyze the network security situation.
7

Gao, Xiang, Xue Qin Xu, and Min Wang. "Evaluating Network Security Based on Attack Graph". Advanced Materials Research 756-759 (September 2013): 2374–78. http://dx.doi.org/10.4028/www.scientific.net/amr.756-759.2374.

Abstract:
By now, Attack Graph (AG) is widely applied to the field of network security assessment. In the AG, each vertex has a value that implies the probability of the exploit and each edge represents the relationship between the exploits. In this paper we design an AG model and propose an approach which integrates the AG model with the Dynamic Bayesian Network (DBN). The approach not only strengthens the rationality of uncertain reasoning, but also provides a quantitative assessment of network security status. We evaluated the approach by experiment. The results showed that our model is rather accurate and the performance of it is competitive.
8

Lee, Dongjin, Juho Lee, and Kijung Shin. "Spear and Shield: Adversarial Attacks and Defense Methods for Model-Based Link Prediction on Continuous-Time Dynamic Graphs". Proceedings of the AAAI Conference on Artificial Intelligence 38, no. 12 (24 March 2024): 13374–82. http://dx.doi.org/10.1609/aaai.v38i12.29239.

Abstract:
Real-world graphs are dynamic, constantly evolving with new interactions, such as financial transactions in financial networks. Temporal Graph Neural Networks (TGNNs) have been developed to effectively capture the evolving patterns in dynamic graphs. While these models have demonstrated their superiority, being widely adopted in various important fields, their vulnerabilities against adversarial attacks remain largely unexplored. In this paper, we propose T-SPEAR, a simple and effective adversarial attack method for link prediction on continuous-time dynamic graphs, focusing on investigating the vulnerabilities of TGNNs. Specifically, before the training procedure of a victim model, which is a TGNN for link prediction, we inject edge perturbations to the data that are unnoticeable in terms of the four constraints we propose, and yet effective enough to cause malfunction of the victim model. Moreover, we propose a robust training approach T-SHIELD to mitigate the impact of adversarial attacks. By using edge filtering and enforcing temporal smoothness to node embeddings, we enhance the robustness of the victim model. Our experimental study shows that T-SPEAR significantly degrades the victim model's performance on link prediction tasks, and even more, our attacks are transferable to other TGNNs, which differ from the victim model assumed by the attacker. Moreover, we demonstrate that T-SHIELD effectively filters out adversarial edges and exhibits robustness against adversarial attacks, surpassing the link prediction performance of the naive TGNN by up to 11.2% under T-SPEAR. The code and datasets are available at https://github.com/wooner49/T-spear-shield
9

Boudermine, Antoine, Rida Khatoun, and Jean-Henri Choyer. "Dynamic logic-based attack graph for risk assessment in complex computer systems". Computer Networks 228 (June 2023): 109730. http://dx.doi.org/10.1016/j.comnet.2023.109730.

10

Guo, Mingyu, Max Ward, Aneta Neumann, Frank Neumann, and Hung Nguyen. "Scalable Edge Blocking Algorithms for Defending Active Directory Style Attack Graphs". Proceedings of the AAAI Conference on Artificial Intelligence 37, no. 5 (26 June 2023): 5649–56. http://dx.doi.org/10.1609/aaai.v37i5.25701.

Abstract:
Active Directory (AD) is the default security management system for Windows domain networks. An AD environment naturally describes an attack graph where nodes represent computers/accounts/security groups, and edges represent existing accesses/known exploits that allow the attacker to gain access from one node to another. Motivated by practical AD use cases, we study a Stackelberg game between one attacker and one defender. There are multiple entry nodes for the attacker to choose from and there is a single target (Domain Admin). Every edge has a failure rate. The attacker chooses the attack path with the maximum success rate. The defender can block a limited number of edges (i.e., revoke accesses) from a set of blockable edges, limited by budget. The defender's aim is to minimize the attacker's success rate. We exploit the tree-likeness of practical AD graphs to design scalable algorithms. We propose two novel methods that combine theoretical fixed parameter analysis and practical optimisation techniques. For graphs with small tree widths, we propose a tree decomposition based dynamic program. We then propose a general method for converting tree decomposition based dynamic programs to reinforcement learning environments, which leads to an anytime algorithm that scales better, but loses the optimality guarantee. For graphs with small numbers of non-splitting paths (a parameter we invent specifically for AD graphs), we propose a kernelization technique that significantly downsizes the model, which is then solved via mixed-integer programming. Experimentally, our algorithms scale to handle synthetic AD graphs with tens of thousands of nodes.

Theses on the topic "Dynamic attack graph":

1

Hamid, Thaier K. A. "Attack graph approach to dynamic network vulnerability analysis and countermeasures". Thesis, University of Bedfordshire, 2014. http://hdl.handle.net/10547/576432.

Abstract:
It is widely accepted that modern computer networks (often presented as a heterogeneous collection of functioning organisations, applications, software, and hardware) contain vulnerabilities. This research proposes a new methodology to compute a dynamic severity cost for each state. Here a state refers to the behaviour of a system during an attack; an example of a state is where an attacker could influence the information on an application to alter the credentials. This is performed by utilising a modified variant of the Common Vulnerability Scoring System (CVSS), referred to as a Dynamic Vulnerability Scoring System (DVSS). This calculates scores of intrinsic, time-based, and ecological metrics by combining related sub-scores and modelling the problem’s parameters into a mathematical framework to develop a unique severity cost. The individual static nature of CVSS affects the scoring value, so the author has adapted a novel model to produce a DVSS metric that is more precise and efficient. In this approach, different parameters are used to compute the final scores determined from a number of parameters including network architecture, device setting, and the impact of vulnerability interactions. An attack graph (AG) is a security model representing the chains of vulnerability exploits in a network. A number of researchers have acknowledged the attack graph visual complexity and a lack of in-depth understanding. Current attack graph tools are constrained to only limited attributes or even rely on hand-generated input. The automatic formation of vulnerability information has been troublesome and vulnerability descriptions are frequently created by hand, or based on limited data. The network architectures and configurations along with the interactions between the individual vulnerabilities are considered in the method of computing the Cost using the DVSS and a dynamic cost-centric framework. 
A new methodology was built up to present an attack graph with a dynamic cost metric based on DVSS and also a novel methodology to estimate and represent the cost-centric approach for each host's states was followed out. A framework is carried out on a test network, using the Nessus scanner to detect known vulnerabilities, implement these results and to build and represent the dynamic cost centric attack graph using ranking algorithms (in a standardised fashion to Mehta et al. 2006 and Kijsanayothin, 2010). However, instead of using vulnerabilities for each host, a CostRank Markov Model has been developed utilising a novel cost-centric approach, thereby reducing the complexity in the attack graph and reducing the problem of visibility. An analogous parallel algorithm is developed to implement CostRank. The reason for developing a parallel CostRank Algorithm is to expedite the states ranking calculations for the increasing number of hosts and/or vulnerabilities. In the same way, the author intends to secure large scale networks that require fast and reliable computing to calculate the ranking of enormous graphs with thousands of vertices (states) and millions of arcs (representing an action to move from one state to another). In this proposed approach, the focus is on a parallel CostRank computational architecture to appraise the enhancement in CostRank calculations and scalability of the algorithm. In particular, a partitioning of input data, graph files and ranking vectors with a load balancing technique can enhance the performance and scalability of CostRank computations in parallel. A practical model of analogous CostRank parallel calculation is undertaken, resulting in a substantial decrease in calculations communication levels and in iteration time. The results are presented in an analytical approach in terms of scalability, efficiency, memory usage, speed up and input/output rates.
Finally, a countermeasures model is developed to protect against network attacks by using a Dynamic Countermeasures Attack Tree (DCAT). The following scheme is used to build the DCAT tree: (i) using the scalable parallel CostRank Algorithm to determine the critical asset that system administrators need to protect; (ii) track the Nessus scanner to determine the vulnerabilities associated with the asset using the dynamic cost centric framework and DVSS; (iii) check out all published mitigations for all vulnerabilities; (iv) assess how well the security solution mitigates those risks; (v) assess the DCAT algorithm in terms of effective security cost, probability and cost/benefit analysis to reduce the total impact of a specific vulnerability.
2

Boudermine, Antoine. "A dynamic attack graphs based approach for impact assessment of vulnerabilities in complex computer systems". Electronic Thesis or Diss., Institut polytechnique de Paris, 2022. http://www.theses.fr/2022IPPAT046.

Abstract:
Nowadays, computer networks are used in many fields and their breakdown can strongly impact our daily life. Assessing their security is a necessity to reduce the risk of compromise by an attacker. Nevertheless, the solutions proposed so far are rarely adapted to the high complexity of modern computer systems. They often rely on too much human work and the algorithms used don't scale well. Furthermore, the evolution of the system over time is rarely modeled and is therefore not considered in the evaluation of its security. In this thesis, we propose a new attack graph model built from a dynamic description of the system. We have shown through our experimentations that our model allows us to identify more attack paths than a static attack graph model. We then proposed an attack simulation algorithm to approximate the chances of success of system compromise by a malicious actor. We also proved that our solution was able to analyze the security of complex systems. The worst-case time complexity was assessed for each algorithm used. Several tests were performed to measure their real performances. Finally, we applied our solution on an IT network composed of several thousand elements. Future work should be done to improve the performance of the attack graph generation algorithm in order to analyze increasingly complex systems. Solutions should also be found to facilitate the system modeling step which is still a difficult task to perform, especially by humans. Finally, the simulation algorithm could be improved to be more realistic and take into account the real capabilities of the attacker. It would also be interesting to assess the impact of the attacks on the organization and its business processes.
3

Aguessy, François-Xavier. "Évaluation dynamique de risque et calcul de réponses basés sur des modèles d’attaques bayésiens". Thesis, Evry, Institut national des télécommunications, 2016. http://www.theses.fr/2016TELE0016/document.

Abstract:
Information systems constitute an increasingly attractive target for attackers. Given the number and complexity of attacks, security teams need to focus their actions, in order to select the most appropriate security controls. Because of the threat posed by advanced multi-step attacks, it is difficult for security operators to fully cover all vulnerabilities when deploying countermeasures. In this PhD thesis, we build a complete framework for static and dynamic risk assessment including prior knowledge on the information system and dynamic events, proposing responses to prevent future attacks. First, we study how to remediate the potential attacks that can happen in a system, using logical attack graphs. We build a remediation methodology to prevent the most relevant attack paths extracted from a logical attack graph. In order to help an operator to choose between several remediation candidates, we rank them according to a cost of remediation combining operational and impact costs. Then, we study the dynamic attacks that can occur in a system. Attack graphs are not directly suited for dynamic risk assessment. Thus, we extend this model to build dynamic risk assessment models to evaluate the attacks that are the most likely. The hybrid model is subdivided in two complementary models: (1) the first ones analysing ongoing attacks and providing the hosts' compromise probabilities, and (2) the second ones assessing the most likely future attacks. We study the sensitivity of their probabilistic parameters. Finally, we validate the accuracy and usage of both models in the domain of cybersecurity, by building them from a topological attack graph.
4

Aguessy, François-Xavier. "Évaluation dynamique de risque et calcul de réponses basés sur des modèles d’attaques bayésiens". Electronic Thesis or Diss., Evry, Institut national des télécommunications, 2016. http://www.theses.fr/2016TELE0016.

5

Saman, Nariman Goran. "A Framework for Secure Structural Adaptation". Thesis, Linnéuniversitetet, Institutionen för datavetenskap och medieteknik (DM), 2018. http://urn.kb.se/resolve?urn=urn:nbn:se:lnu:diva-78658.

Abstract:
A (self-) adaptive system is a system that can dynamically adapt its behavior or structure during execution to "adapt" to changes to its environment or the system itself. From a security standpoint, there has been some research pertaining to (self-) adaptive systems in general but not enough care has been shown towards the adaptation itself. Security of systems can be reasoned about using threat models to discover security issues in the system. Essentially that entails abstracting away details not relevant to the security of the system in order to focus on the important aspects related to security. Threat models often enable us to reason about the security of a system quantitatively using security metrics. The structural adaptation process of a (self-) adaptive system occurs based on a reconfiguration plan, a set of steps to follow from the initial state (configuration) to the final state. Usually, the reconfiguration plan consists of multiple strategies for the structural adaptation process and each strategy consists of several steps with each step representing a specific configuration of the (self-) adaptive system. Different reconfiguration strategies have different security levels as each strategy consists of a different sequence configuration with different security levels. To the best of our knowledge, there exist no approaches which aim to guide the reconfiguration process in order to select the most secure available reconfiguration strategy, and the explicit security of the issues associated with the structural reconfiguration process itself has not been studied. In this work, based on an in-depth literature survey, we aim to propose several metrics to measure the security of configurations, reconfiguration strategies and reconfiguration plans based on graph-based threat models. Additionally, we have implemented a prototype to demonstrate our approach and automate the process.
Finally, we have evaluated our approach based on a case study of our making. The preliminary results tend to expose certain security issues during the structural adaptation process and exhibit the effectiveness of our proposed metrics.
6

Mensah, Pernelle. "Generation and Dynamic Update of Attack Graphs in Cloud Providers Infrastructures". Thesis, CentraleSupélec, 2019. http://www.theses.fr/2019CSUP0011.

Abstract:
In traditional environments, attack graphs can paint a picture of the security exposure of the environment. Indeed, they represent a model allowing to depict the many steps an attacker can take to compromise an asset. They can represent a basis for automated risk assessment, relying on an identification and valuation of critical assets in the network. This allows to design pro-active and reactive counter-measures for risk mitigation and can be leveraged for security monitoring and network hardening. Our thesis aims to apply a similar approach in Cloud environments, which implies to consider new challenges incurred by these modern infrastructures, since the majority of attack graph methods were designed with traditional environments in mind. Novel virtualization attack scenarios, as well as inherent properties of the Cloud, namely elasticity and dynamism are a cause for concern. To realize this objective, a thorough inventory of virtualization vulnerabilities was performed, for the extension of existing vulnerability templates. Based on an attack graph representation model suitable to the Cloud scale, we were able to leverage Cloud and SDN technologies, with the purpose of building Cloud attack graphs and maintain them in an up-to-date state. Algorithms able to cope with the frequent rate of change occurring in virtualized environments were designed and extensively tested on a real scale Cloud platform for performance evaluation, confirming the validity of the methods proposed in this thesis, in order to enable Cloud administrator to dispose of an up-to-date Cloud attack graph.
7

Kallas, Kassem. "A Game-Theoretic Approach for Adversarial Information Fusion in Distributed Sensor Networks". Doctoral thesis, Università di Siena, 2017. http://hdl.handle.net/11365/1005735.

Abstract:
Every day we share our personal information through digital systems which are constantly exposed to threats. For this reason, security-oriented disciplines of signal processing have received increasing attention in the last decades: multimedia forensics, digital watermarking, biometrics, network monitoring, steganography and steganalysis are just a few examples. Even though each of these fields has its own peculiarities, they all have to deal with a common problem: the presence of one or more adversaries aiming at making the system fail. Adversarial Signal Processing lays the basis of a general theory that takes into account the impact that the presence of an adversary has on the design of effective signal processing tools. By focusing on the application side of Adversarial Signal Processing, namely adversarial information fusion in distributed sensor networks, and adopting a game-theoretic approach, this thesis contributes to the above mission by addressing four issues. First, we address decision fusion in distributed sensor networks by developing a novel soft isolation defense scheme that protects the network from adversaries, specifically, Byzantines. Second, we develop an optimum decision fusion strategy in the presence of Byzantines. In the next step, we propose a technique to reduce the complexity of the optimum fusion by relying on a novel nearly-optimum message passing algorithm based on factor graphs. Finally, we introduce a defense mechanism to protect decentralized networks running consensus algorithm against data falsification attacks.

Book chapters on the topic "Dynamic attack graph":

1

Grammatikakis, Konstantinos-Panagiotis, and Nicholas Kolokotronis. "Attack Graph Generation". In Cyber-Security Threats, Actors, and Dynamic Mitigation, 281–334. Boca Raton: CRC Press, 2021. http://dx.doi.org/10.1201/9781003006145-8.

2

Gain, Ayan, and Mridul Sankar Barik. "Attack Graph Based Security Metrics for Dynamic Networks". In Information Systems Security, 109–28. Cham: Springer Nature Switzerland, 2023. http://dx.doi.org/10.1007/978-3-031-49099-6_7.

3

Wang, Haiping, Binbin Li, Tianning Zang, Yifei Yang, Zisen Qi, Siyu Jia and Yu Ding. "Real-Time Aggregation for Massive Alerts Based on Dynamic Attack Granularity Graph". In Science of Cyber Security, 225–43. Cham: Springer Nature Switzerland, 2023. http://dx.doi.org/10.1007/978-3-031-45933-7_14.

4

Husák, Martin, Joseph Khoury, Đorđe Klisura and Elias Bou-Harb. "On the Provision of Network-Wide Cyber Situational Awareness via Graph-Based Analytics". In Complex Computational Ecosystems, 167–79. Cham: Springer Nature Switzerland, 2023. http://dx.doi.org/10.1007/978-3-031-44355-8_12.

Abstract:
In this paper, we posit how semi-static (i.e., not changing very often) complex computer network-based intelligence using graph-based analytics can become enablers of Cyber Situational Awareness (CSA) (i.e., perception, comprehension, and projection of situations in a cyber environment). A plethora of newly surfaced cyber security researchers have used graph-based analytics to facilitate particular down tasks in dynamic complex cyber environments. This includes graph-, node- and edge-level detection, classification, and others (e.g., credit card fraudulent transactions as an edge classification problem). To the best of our knowledge, very limited efforts have consolidated the outputs of heterogeneous computer network monitoring and reconnaissance tools (e.g., Nmap) in enabling actionable CSA. As such, in this work, we address this literature gap while describing several use cases of graph traversal, graph measures, and subgraph mining in vulnerability and security state assessment, attack projection and mitigation, and device criticality estimation. We highlight the benefits of the graph-based approaches compared to traditional methods. Finally, we postulate open research and application challenges in graph-based analytics for CSA to prompt promising research directions and operational capabilities.
5

Chen, Xihui, Ema Këpuska, Sjouke Mauw and Yunior Ramírez-Cruz. "Active Re-identification Attacks on Periodically Released Dynamic Social Graphs". In Computer Security – ESORICS 2020, 185–205. Cham: Springer International Publishing, 2020. http://dx.doi.org/10.1007/978-3-030-59013-0_10.

6

Xu, Hongcai, and Junpeng Bao. "Dynamic Knowledge Graph-Based Dialogue Generation with Improved Adversarial Meta-Learning". In Artificial Intelligence and Human-Computer Interaction. IOS Press, 2024. http://dx.doi.org/10.3233/faia240132.

Abstract:
Knowledge graph-based dialogue systems are capable of generating more informative responses and can implement sophisticated reasoning mechanisms. However, these models do not take into account the sparseness and incompleteness of knowledge graph (KG) and cannot be applied to dynamic KG. This paper proposes a dynamic Knowledge graph-based dialogue generation method with improved adversarial Meta-Learning (ADML). ADML formulates dynamic knowledge triples as a problem of adversarial attack and incorporates the objective of quickly adapting to dynamic knowledge-aware dialogue generation. The model can initialize the parameters and adapt to previous unseen knowledge so that training can be quickly completed based on only a few knowledge triples. We show that our model significantly outperforms other baselines. We evaluate and demonstrate that our method adapts extremely fast and well to dynamic knowledge graph-based dialogue generation.
7

Catta, Davide, Jean Leneutre and Vadim Malvone. "Obstruction Logic: A Strategic Temporal Logic to Reason About Dynamic Game Models". In Frontiers in Artificial Intelligence and Applications. IOS Press, 2023. http://dx.doi.org/10.3233/faia230292.

Abstract:
Games that are played in a dynamic model have been studied in several contexts, such as cybersecurity and planning. In this paper, we introduce a logic for reasoning about a particular class of games with temporal goals played in a dynamic model. In such games, the actions of a player can modify the game model itself. We show that the model-checking problem for our logic is decidable in polynomial-time. Then, using this logic, we show how to express interesting properties of cybersecurity games defined on attack graphs.
8

Bonabeau, Eric, Marco Dorigo and Guy Theraulaz. "Self-Organization and Templates: Application to Data Analysis and Graph Partitioning". In Swarm Intelligence. Oxford University Press, 1999. http://dx.doi.org/10.1093/oso/9780195131581.003.0009.

Abstract:
The biological phenomena described in the previous chapter were corpse aggregation and brood sorting by ants. The clusters of items obtained with the models introduced in sections 4.3.1 and 4.3.2 emerged at arbitrary locations. The underlying self-organizing process, whereby large clusters grow even larger because they are more attractive than smaller clusters, does not ensure the formation of clusters at specific locations. In the two biological examples described in this chapter, the self-organizing dynamics of aggregation is constrained by templates. A template is a pattern that is used to construct another pattern. The body of a termite queen or a brood pile in ants are two examples of structures—the second one resulting from the activities of the colony—that serve as templates to build walls. Walls built around the termite queen form the royal chamber; walls built around the brood pile form the ant nest. When a mechanism combines self-organization and templates, it exhibits the characteristic properties of self-organization, such as snowball effect or multistability, and at the same time produces a perfectly predictable pattern that follows the template. The two nonparametric algorithms presented in chapter 4, one for multidimensional scaling and the other for graph partitioning, can be made parametric through the use of templates. The number of clusters of data points or vertices can be predefined by forcing items to be deposited in a prespecified number of regions in the space of representation, so that the number of clusters and their locations are known in advance. In the previous chapter, we saw how the attractivity of corpses or the differential attractivity of items of different types could lead to the formation of clusters of specific items. Self-organization lies in this attractivity, which induces a snowball effect: the larger a cluster, the more likely it is to attract even more items. 
But self-organization can also be combined with a template mechanism in the process of clustering. A template is a kind of prepattern in the environment, used by insects—or by other animals—to organize their activities.

Conference proceedings on the topic "Dynamic attack graph":

1

He, Siying, Mi Wen, Xiumin Li and Zhou Su. "An Approach for Attack Scenario Construction Based on Dynamic Attack Path Graph". In 2023 IEEE/CIC International Conference on Communications in China (ICCC). IEEE, 2023. http://dx.doi.org/10.1109/iccc57788.2023.10233417.

2

Alrehaili, Meaad, and Adel Alshamrani. "An Attack Scenario Reconstruction Approach Using Alerts Correlation and a Dynamic Attack Graph". In 2023 Eighth International Conference On Mobile And Secure Services (MobiSecServ). IEEE, 2023. http://dx.doi.org/10.1109/mobisecserv58080.2023.10329144.

3

Boudermine, Antoine, Rida Khatoun and Jean-Henri Choyer. "Attack Graph-based Solution for Vulnerabilities Impact Assessment in Dynamic Environment". In 2022 5th Conference on Cloud and Internet of Things (CIoT). IEEE, 2022. http://dx.doi.org/10.1109/ciot53061.2022.9766588.

4

Wu, Hua, Yu Gu, Guang Cheng and Yuyang Zhou. "Effectiveness Evaluation Method for Cyber Deception Based on Dynamic Bayesian Attack Graph". In CSSE 2020: 2020 3rd International Conference on Computer Science and Software Engineering. New York, NY, USA: ACM, 2020. http://dx.doi.org/10.1145/3403746.3403897.

5

Lin, Pengwen, and Yonghong Chen. "Dynamic Network Security Situation Prediction based on Bayesian Attack Graph and Big Data". In 2018 IEEE 4th Information Technology and Mechatronics Engineering Conference (ITOEC). IEEE, 2018. http://dx.doi.org/10.1109/itoec.2018.8740765.

6

Wei, Xingshen, Peng Gao, Junxian Xu, Haotian Zhang, Qiuhan Tian and Zengzhou Ma. "Research on attack behaviour detection based on dynamic graph neural network in power IoT system". In International Conference on Computer, Artificial Intelligence, and Control Engineering (CAICE 2022), edited by Yongquan Yan. SPIE, 2022. http://dx.doi.org/10.1117/12.2640979.

7

Nikseresht, Ilnaz, Issa Traore and Amirali Baniasadi. "Data Visualization of Graph-Based Threat Detection System". In 9th International Conference on Artificial Intelligence and Applications (AIAPP 2022). Academy and Industry Research Collaboration Center (AIRCC), 2022. http://dx.doi.org/10.5121/csit.2022.120913.

Abstract:
The Activity and Event Network Model (AEN) is a new security knowledge graph that leverages large dynamic uncertain graph theory to capture and analyze stealthy and long-term attack patterns. Because the graph is expected to become extremely large over time, it can be very challenging for security analysts to navigate it and identify meaningful information. We present different visualization layers deployed to improve the graph model’s presentation. The main goal is to build an enhanced visualization system that can more simply and effectively overlay different visualization layers, namely edge/node type, node property, node age, node’s probability of being compromised, and the threat horizon layer. Therefore, with the help of the developed layers, the network security analysts can identify suspicious network security events and activities as soon as possible.
8

Sharma, Kartik, Rakshit Trivedi, Rohit Sridhar and Srijan Kumar. "Temporal Dynamics-Aware Adversarial Attacks on Discrete-Time Dynamic Graph Models". In KDD '23: The 29th ACM SIGKDD Conference on Knowledge Discovery and Data Mining. New York, NY, USA: ACM, 2023. http://dx.doi.org/10.1145/3580305.3599517.

9

Gamarra, Marco, Sachin Shetty, David M. Nicol, Oscar Gonzalez, Charles A. Kamhoua and Laurent Njilla. "Analysis of Stepping Stone Attacks in Dynamic Vulnerability Graphs". In 2018 IEEE International Conference on Communications (ICC 2018). IEEE, 2018. http://dx.doi.org/10.1109/icc.2018.8422723.

10

Wu, Songyang, Yong Zhang and Xiao Chen. "Security Assessment of Dynamic Networks with an Approach of Integrating Semantic Reasoning and Attack Graphs". In 2018 IEEE 4th International Conference on Computer and Communications (ICCC). IEEE, 2018. http://dx.doi.org/10.1109/compcomm.2018.8780998.
