Differential Attack Graph-Based Approach for Assessing Change in the Network Attack Surface
Published in | Information Systems Security, pp. 324 - 344
---|---
Main Authors | , , ,
Format | Book Chapter
Language | English
Published | Cham: Springer International Publishing
Series | Lecture Notes in Computer Science
Subjects |
Online Access | Get full text
Summary | Assessing change in the attack surface of a dynamic computer network is a formidable challenge. Researchers have previously looked into the problem of measuring network risk and used an attack graph (AG) for network hardening. However, such AG-based approaches do not consider the likely variations in the attack surface. Further, even though it is possible to generate attack graphs for a realistic network efficiently, the resulting graphs pose a severe challenge to human comprehension. To overcome such problems, in this paper we present a differential attack graph-based change detection technique. We propose a change distribution matrix-based technique to discern differences in the network attack surface. Our method not only detects the degree of change in the network attack surface but also finds the root causes in a time-efficient manner. We use a synthetic network to illustrate the approach and perform a set of simulations to evaluate the performance. Experimental results show that our technique is capable of assessing changes in the attack surface, and thus can be used in practice for network hardening.
---|---
ISBN | 9783030369446 3030369447
ISSN | 0302-9743 1611-3349
DOI | 10.1007/978-3-030-36945-3_18