MAD: A visual analytics solution for Multi-step cyber Attacks Detection

Software vulnerabilities represent one of the main weaknesses of an Information Technology (IT) system w.r.t. cyber attacks and nowadays consolidated official data, like the Common Vulnerability Exposure (CVE) dictionary, provide precise and reliable details about them. This information, together wi...

Full description

Saved in:
Bibliographic Details
Published inJournal of computer languages (Online) Vol. 52; pp. 10 - 24
Main Authors Angelini, M., Bonomi, S., Lenti, S., Santucci, G., Taggi, S.
Format Journal Article
LanguageEnglish
Published Elsevier Ltd 01.06.2019
Subjects
Attack graph
Critical infrastructure
Cyber security
Multi-step attacks
Security visualization
Situational awareness
Visual analytics
Vulnerabilities
Situational awareness
Visual analytics
Attack graph
Critical infrastructure
Vulnerabilities
Security visualization
Cyber security
Multi-step attacks
Online AccessGet full text

Cover

More Information
Summary:Software vulnerabilities represent one of the main weaknesses of an Information Technology (IT) system w.r.t. cyber attacks and nowadays consolidated official data, like the Common Vulnerability Exposure (CVE) dictionary, provide precise and reliable details about them. This information, together with the identification of priority systems to defend allows for inspecting the network structure and the most probable paths an attacker is likely to follow to reach sensible resources, with the main goal of identify suitable mitigation actions that reduce the risk of an attack. Some of these mitigation actions can be applied without further delay, some of them, instead, imply a high operational impact on the organization business that makes their usage convenient only when an attack is really on the way. Dealing with this issue is particularly challenging in the context of critical infrastructure where, even if patches are available, organization mission constraints create obstacles to their straightforward application. In this scenario, security operators are forced to deal with known vulnerabilities that cannot be patched and they spend a noticeable effort in proactive analysis, devising countermeasures that can mitigate the effect of a possible attack. This paper presents a Multi-step cyber Attack Detection (MAD) Visual Analytics solution aiming at assisting security operators in improving their network security by analyzing the possible attacks and identifying suitable mitigations. Moreover, during an attack, the system visually presents the security operator with the relevant pieces of information allowing a better comprehension of the attack status and its probable evolution, in order to make decisions on the possible countermeasures.
ISSN:2590-1184
2590-1184
DOI:10.1016/j.cola.2018.12.007