Differential Attack Graph-Based Approach for Assessing Change in the Network Attack Surface


Bibliographic Details
Published in: Information Systems Security, pp. 324 - 344
Main Authors: Bopche, Ghanshyam S.; Rai, Gopal N.; Ramchandra Reddy, B.; Mehtre, B. M.
Format: Book Chapter
Language: English
Published: Cham: Springer International Publishing
Series: Lecture Notes in Computer Science

More Information
Summary: Assessing change in the attack surface of a dynamic computer network is a formidable challenge. Researchers have previously looked into the problem of measuring network risk and used an attack graph (AG) for network hardening. However, such AG-based approaches do not consider the likely variations in the attack surface. Further, even though it is possible to generate attack graphs for a realistic network efficiently, the resulting graphs pose a severe challenge to human comprehension. To overcome such problems, in this paper we present a differential attack graph-based change detection technique. We propose a change distribution matrix-based technique to discern differences in the network attack surface. Our method not only detects the degree of change in the network attack surface but also finds the root causes in a time-efficient manner. We use a synthetic network to illustrate the approach and perform a set of simulations to evaluate the performance. Experimental results show that our technique is capable of assessing changes in the attack surface, and thus can be used in practice for network hardening.
ISBN: 9783030369446; 3030369447
ISSN: 0302-9743; 1611-3349
DOI: 10.1007/978-3-030-36945-3_18