5,887 research outputs found
Exact Inference Techniques for the Analysis of Bayesian Attack Graphs
Attack graphs are a powerful tool for security risk assessment by analysing
network vulnerabilities and the paths attackers can use to compromise network
resources. The uncertainty about the attacker's behaviour makes Bayesian
networks suitable to model attack graphs to perform static and dynamic
analysis. Previous approaches have focused on the formalization of attack
graphs into a Bayesian model rather than proposing mechanisms for their
analysis. In this paper we propose to use efficient algorithms to make exact
inference in Bayesian attack graphs, enabling the static and dynamic network
risk assessments. To support the validity of our approach we have performed an
extensive experimental evaluation on synthetic Bayesian attack graphs with
different topologies, showing the computational advantages in terms of time and
memory use of the proposed techniques when compared to existing approaches.Comment: 14 pages, 15 figure
Efficient Attack Graph Analysis through Approximate Inference
Attack graphs provide compact representations of the attack paths that an
attacker can follow to compromise network resources by analysing network
vulnerabilities and topology. These representations are a powerful tool for
security risk assessment. Bayesian inference on attack graphs enables the
estimation of the risk of compromise to the system's components given their
vulnerabilities and interconnections, and accounts for multi-step attacks
spreading through the system. Whilst static analysis considers the risk posture
at rest, dynamic analysis also accounts for evidence of compromise, e.g. from
SIEM software or forensic investigation. However, in this context, exact
Bayesian inference techniques do not scale well. In this paper we show how
Loopy Belief Propagation - an approximate inference technique - can be applied
to attack graphs, and that it scales linearly in the number of nodes for both
static and dynamic analysis, making such analyses viable for larger networks.
We experiment with different topologies and network clustering on synthetic
Bayesian attack graphs with thousands of nodes to show that the algorithm's
accuracy is acceptable and converge to a stable solution. We compare sequential
and parallel versions of Loopy Belief Propagation with exact inference
techniques for both static and dynamic analysis, showing the advantages of
approximate inference techniques to scale to larger attack graphs.Comment: 30 pages, 14 figure
Preserving Link Privacy in Social Network Based Systems
A growing body of research leverages social network based trust relationships
to improve the functionality of the system. However, these systems expose
users' trust relationships, which is considered sensitive information in
today's society, to an adversary.
In this work, we make the following contributions. First, we propose an
algorithm that perturbs the structure of a social graph in order to provide
link privacy, at the cost of slight reduction in the utility of the social
graph. Second we define general metrics for characterizing the utility and
privacy of perturbed graphs. Third, we evaluate the utility and privacy of our
proposed algorithm using real world social graphs. Finally, we demonstrate the
applicability of our perturbation algorithm on a broad range of secure systems,
including Sybil defenses and secure routing.Comment: 16 pages, 15 figure
Comprehensive Security Framework for Global Threats Analysis
Cyber criminality activities are changing and becoming more and more professional. With the growth of financial flows through the Internet and the Information System (IS), new kinds of thread arise involving complex scenarios spread within multiple IS components. The IS information modeling and Behavioral Analysis are becoming new solutions to normalize the IS information and counter these new threads. This paper presents a framework which details the principal and necessary steps for monitoring an IS. We present the architecture of the framework, i.e. an ontology of activities carried out within an IS to model security information and User Behavioral analysis. The results of the performed experiments on real data show that the modeling is effective to reduce the amount of events by 91%. The User Behavioral Analysis on uniform modeled data is also effective, detecting more than 80% of legitimate actions of attack scenarios
- …