A Predictive Framework for Cyber Security Analytics using Attack Graphs, Subil Abraham, Suku Nair
Subil Abraham and Suku Nair, A Predictive Framework For Cyber Security Analytics Using Attack Graphs, International Journal of Computer Networks & Communications (IJCNC), January 2015. ISSN: 0974-9322; 0975-2293


“Security metrics serve as a powerful tool for organizations to understand the effectiveness of protecting computer networks. However, the majority of these measurement techniques don’t adequately help corporations to make informed risk management decisions. In this paper we present a stochastic security framework for obtaining quantitative measures of security by taking into account the dynamic attributes associated with vulnerabilities that can change over time. Our model is novel as existing research in attack graph analysis does not consider the temporal aspects associated with the vulnerabilities, such as the availability of exploits and patches which can affect the overall network security based on how the vulnerabilities are interconnected and leveraged to compromise the system. In order to have a more realistic representation of how the security state of the network would vary over time, a nonhomogeneous model is developed which incorporates a time-dependent covariate, namely the vulnerability age. The daily transition-probability matrices are estimated using Frei’s Vulnerability Lifecycle model. We also leverage the trusted CVSS metric domain to analyze how the total exploitability and impact measures evolve over a time period for a given network.”

Abraham and Nair kindly referenced my work in this field, writing in this paper “2.4. Cyber Situation Awareness – Tim Bass [32] first introduced the concept of cyberspace situation awareness and built a framework for it which laid the foundation for subsequent research in Network Security Situational Awareness [33].”

Authors Subil Abraham and Suku Nair conclude:

“In this paper, we presented a non-homogeneous Markov model for quantitative assessment of security attributes using Attack graphs. Since existing metrics have potential shortcomings for accurately quantifying the security of a system with respect to the age of the vulnerabilities, our framework aids the security engineer to make a more realistic and objective security evaluation of the network. What sets our model apart from the rest is the use of the trusted CVSS framework and the incorporation of a well-established Vulnerability lifecycle framework, to comprehend and analyze both the evolving exploitability and impact trends of a given network using Attack Graphs. We used a realistic network to analyze the merits of our model to capture security properties and optimize the application of patches.”

Interested readers may download the full text in PDF format here.